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(57) Abstract: A system and method are provided for pre- 
processing encrypted and/or signed messages at a host sys- 
tem before the message is transmitted to a wireless mobile 
commumcation device. The message is received at the host 
system from a message sender. There is determination as to 
whether any of the message receiver has a coircsponding 
wireless mobile communication device. For each message 
receiver that has a corresponding wireless mobile communi- 
cation device, the message is processed so as to modify the 
message with respect to enciyption and/or authentication as- 
pect The processed message is transmitted to a correspond- 
mg wireless mobile communication device. The system and 
method may include post-processing messages sent fi^m a 
wireless mobile communications device to a remote system 
Authentication and/or encryption message processing is per- 
foraied upon the message. The processed message may then 
be sent through the remote system to one or more receivers. 
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System and Method for Compressing Secure E-Mafl for Exchange with a 
Mobile Data Communication Device 



CROSS-REFRRBNCE TO RBT ATED APPT JHATrnM 
This appKcation claims priority from United States Provisional Applications S/N 
60/297.681, ffled on Jmie 12, 2001. and S/N 60/365,535, filed on March 20. 2002. The 
complete disclosure of each of Oiese ptovisioiial applications, including drawings, is hereby 
incorporated mto this application by referwice. 

BACKGRQTTN D QP THR TNVRNTrnisT 

Held of the Ihvenfioq 

The present invention relates generally to secure electronic messaging and in 
particular to an advanced system and method of exchangmg secure e-maii messages between 
a host system and a moMIe communications device CtooMle device") via a wireless 
communications network operable with die mobile device. 

Description of the Related Art 

Here are many known solutions for exchanging information between host systems 
and mobile devices. However, these systems tend to follow simple encoding metiiods for 
deUvering a shortened version of the original message to the mobile device. especiaDy when 
dealmg witii authentication and/or encryption. Ibis limits die use of mobile devices m 
dealing with such messages. 
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Summary 

In accordance with the teachings provided herein, a system and method are provided 
for pre-processing encrypted and/or signed messages at a host system before die message is 
transmitted to a wireless mobile communication device. TTie message is received at the host 
• system 6om a message sender. There is a determination as to whe&OT any of (he message 
receivers has a corresponding wkeless mobile communication device. For each message 
receiver that has a corresponding wireless mobUe communication device, the messa^ is 
processed so as to modify the message with respect to encryption and/or autiientication. Ilie 
processed message is transmitted to a wireless mobUe communication device that 
conesponds to the message receive:. 

The system and metiiod may include post-proces^g messa^ sent fiom a wireless 
mobile commnnications device to a remote systemu Autiientication and/or encryption 
message processmg is performed upon the message. Ihe processed message may tiien be 
sent tioong^ tin remote Systran to one or mrae receivers. 

BRIEF DESC RIPnON OP THE DRAWTNrT5! 

• Fig. 1 is a block diagram showing an overview of an environment in which a moWle 
device may be used. 

Fig. 2 is an illustration of the main types of e-mail exchanges that are commonly used 
tod^intheintemet. 

Fig. 3 is block diagram illustrating of die main components of a system supporting both 
secure and unsecure e-mail exchanges. 

Kg. 4 is a block diagram which illustrates received encrypted message size reduction. 

Fig, 5 is a block diagram illustrating received signed message size reduction. 

2 
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Fig. 6 is a block diagram of a system in which the size of a signed message is reduced 
based on infonnation stored at a mobile device. 

Fig. 7 is a block diagram illustrating secure message size reduction for a received 
message that has been encrypted and then signed. 

Fig. 8 is a block diagram illustrating secure message size reduction for a received 
message Hxat has been signed and then encrypted 

Fig. 9 is a block diagram showing an encrypted message pre-processing system. 

Fig. 10 is a block diagram of a signed message pre-processing system. 

Fig. 11 is a block diagram illustrating secure message pre-pn)cessing for a received 
message that has been encrypted and then signed. 

Fig. 12 is a block diagram illustrating secure message pre-processing for a received 
message that has been signed and then encrypted 

Figs. 13 and 14 show a flow chart illustrating a mefliod for pre-processing signed, 
encrypted or signed and encrypted messages before sending tiiem to a mobile device. 

Pig. 15 is a flow chart of a method for post-processing signed or encrypted and then 
signed messages sent from a mobile device. 

Kg. 16 is a flow chart of a method for post-processing encrypted or signed and then 
encrypted messages sent from a mobile device. 

Fig. 17 is a block diagram of an exemplary wireless communication device that could 
be used wifli the systems and methods described herein. 

Rgs. 18 and 19 are block diagrams depicting processing of messages involving a 
mobile device. 
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Fig. 20 is a block diagram showing an example conmmnication system. 
Fig. 21 is a block diagram of an alternative example communication system. 
Fig. 22 is a block diagram of another alternative communication system. 

Supporting S/MIMB, POP and other e-mail security methods in a wireless 
environment is desired for a richer and secure e-maU experience for the corporate user of a 
mobile device accessing data stored at or assodated with his corporate enteqnise's computer 
system. The systems and methods described hetran aUow secure messaging medwdologies to 
be used, for example, between coiporatB users and mobile devices. This 'extending* of 
corporate e-maU mailboxes to mobile devices has been madd possible by the related. United 
States Patent 6.219,694, titled "System and Method for Pushing Information ftom a Host 
System to a Mobile Data Communication Device Having a Shared Electronic Address," 
issued on April 4, 2001 (Jierdnafter referred to as die '"694 Patent"), whidi is mcorporated in 
its entirety herem by reference. By using such a system as described in die '694 Patent, 
Tntemef communicable or formatted e-mail may be sent or pushed to mobUe devices to 
thereby provide richer and farther reaching security that extends what is available m the 
mobile communications industry today. In previous wireless e-maU solutions, the aWKty to 
adequately support security between different corporations was not possible. Widi the rise of 
secure e-maU between both corporate and private users, like the S/MIMB and PGP standards, 
mobUe device support for such secure e-mail methods is desked. 

As used in fliis application, the term "host system" refers to one or more computers at, 
with or in association with which a wireless communications connector system (hereinafter 
referred to as tiie "wireless connector") is operating. In an embodiment, the host system is a 
server conq)ut(a- running wiUiin a corporate network environment operating behind and 
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protected by at least one security firewaU. The host system implements a wireless connector 
system as an associated wireless communications enabling component, which will nonnaUy 
be a software program/application/component buUt to work with at least one or more 
messaging servers, such as MicrosQft™ Exchange or Lotus Domino™. The wireless, 
connector system or software program is used to send and receive user-selected mformation 
to a mobile device, via a wireless network. Alternatively, the host system could be a user's 
desktop or laptop PC, also running within a corporate eavironment. connected to local-area 
rietworic CLAIST), or could be any othpr system tiiat is in communication with a user's PC. 
Thus, a wireless connector system or software program may be server-based or PC-based, 
such that the host system may be a server computer, a desktop computer or a laptop 
coinputer. 

A wireless connector system operating at a host system enables &e user of a mobile 
device to send or mirror, via a wireless network, certain user-selected data items or parts of 
data items fiom the host system to the user's mobfle device upon detecting that one or more 
triggering events has occurred. In die process of sending data items to the user's mobUe 
device, there is special processing performed that «iables the support of S/MMB or PGP 
encrypted messages. For one skilled in the art of S/MIMB, it is well known that the size of 
an original e-mail message can be dramatically increased when S/MEMB algoridmis are 
appUed to the message. By applying advanced filtering, re-organization and pre-processing 
on the message, the user can still receive such data items on a moWle device. In some 
situations, the user can have fiiU control over S/MMB processing stages and can direct tiie 
host system as to which procedures it should perform on a message. 

When wireless access to corporate data for a mobile device has been activated at die 
host system, for example when the host system detects the occurrence of a triggering event, 
the host system repackages received messages in a manner that is transparent to die mobUe 



wo 02/101605 PCT/CA02/00889 

device, so that information sent to and received by the mobile device appears similar to the 
infonnation as stored on and accessible at the host system. A triggering event includes, but is 
not limited to one or more of the following: a command sent from the mobile device or 
another computer to the host system to start sending one or more messages stored at t^e host 
system, activation of a screen saver application at the host system or a computer associated 
widi the host system, etc. In addition to repackaging the information itself, the repackaging 
may also provide information about flie message, for wcample whether or not the message 
was signed and whether or not the signature was vwified. One preferred repackaging method 
includes wrapping received messages to be sent via the wireless network in an electronic 
envelope that corresponds to the wireless network address of the mobile device. 
Alternatively, other repackaging methods could be used with the system, such as special- 
purpose Transmission Control Protocol over Internet Protocol (TCP/IP) wrapping techniques. 
Such repackaging preferably also results in e-mail messages sent fiom the mobile device 
appearing to come from the host syston even though they are initiated Ci.e., composed and 
sent from) at flie mobile device, thus enabling the mobile device user to appear to the 
mtended recipient(s) of his messages to use and have a single e-mail address. 

In an alternative system and method, a wireless connector system operates in 
conjunction witii a network server, and the server is programmed to detect numerous event 
triggers over the network from multiple user computers (such as desktop and notebook 
computers) coupled to the server via a Local Area Network (LAN). The server can detect 
internal event triggers from each of tiie user desktop computers via flie network, and can also 
detect external event triggers, such as messages or commands fiom the users' mobile devices. 
In response to detecting one of fliese triggers, the server sends received messages to the 
proper mobile device. The messages and addressing mformation for a particular mobile 

device can be stored at a storage device at, coupled to or associated with the server or at a 
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Storage device at, coupled to or associated with the user's desktop or notebook computer 
connected to the LAN. Using this alternative configuration, one wireless connector system 
can serve a plurality of users. This alternative configuration could also include an Internet- or 
mtranet-based system that could be accessible through a secure webpage or other user 
interface. The wireless connector system could be located on an Ihtemet Service Provider 
(ISP) system and accessible only or also through an Internet interface. 

In another configuration, a wireless connector system operates at both a host system 
and at a user's mobile device. The user's mobile device then operates similarly to the host 
system, and is configured in a similar fashion to send certain user-selected data items from 
the mobile device to the host system (or possibly to some other destination) upon detecting a 
triggering event at the mobile device. This configuration provides two-way sending of 
mformation between the host system and the mobile device. 

Rg. 1 is a block diagram showing an overview of an environment in which a mobile 
device may be used. One skilled in the art can appreciate that there could be many different 
topologies, but the one shown in Hg. 1 helps demonstrate how systems and methods may be 
implemented. 

In Fig. 1, tiiere is shown a corporate LAN 30 behind a security firewall 22 as an 
illustrative example of a central, server-based host system, typically refoxed to herein as a 
corporate LAN or host location. However, this does not restrict the host location from being 
a branch office, a home ofBce or some other location where e-mail messages are being 
exchanged. As described above, the host system may mstead be a desktop or laptop 
computer. Also shown is an e-mail sender 10, which could for example be an individual 
using an ISP account, a person withm another company, a person in the same company 
within another branch office, or a user of an ASP (application service provider). 
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Within tlie corporate LAN 30 is a message saver 40, running on a computer behind 
the firewall of the corporation, fliat acts as the main interface for the corporation to exchange 
electronic mail, calendaring data, voice mail, electronic documents, and odier personal 
mfonnation management (PIM) data with a WAN 20. which would tjfpicaUy be the Internet 
Two of the most common message servers 40 are Mcrosoft Exchange and Lotus Domino 
server products. These severs are often used in conjunction widi IntMnet mail routers that 
typicaUy use UNIX-based SendmaU protocols to route and deliver electronic mail. These 
intMmediate steps and computers wiU be dependent upon the specific type of message 
delivery mechanisms and networks via which e-mail messages are exchanged, but have not 
been shown in Fig. 1 since they do not directly play a role in the operation of die systems and 
methods described herein. A message senro- 40 may extend beyond just e-mail sending and 
receiving, providing such functionality as dynamic database storage engines that have 
predefined database formats for data like calendars, todo lists, task lists, e-mail and 
documentation. 

Within dus typical corporate envinrnment, a wireless connector system 45 as 
described briefly above may be operable in conjunction wiUi the message server 40. The 
wireless connector system 45 may reside on flie same computer as the message serv» 40, but 
flds is not a requirement Hie wireless connector system 45 and the message server 40 are 
designed to co-operate and interact to allow the pushing of information to mobile devices 
100. In such an installation, the wireless connector system 45 is preferably configured to 
send confidential and non-confidential corporate information foe each user that has a mobile 
device 100 through the corporate firewafl 22, via a wireless network, to the user's mobile 
device 100. The wireless connector system 45 preferably employs a 'push-based' technique, 
a 'puU-based' technique or some combination thereof so tiiat any e-mail system including a 
message server 40 could be extended. Tlie user's mobile device 100 thereby has access to 
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Stored messages of the message server. Although the system is not directed solely to a *push. 
based* technique, a more detailed description of such a redirection system may be found in 
the above referenced '694 Patent and in the following co-pending, and commonly-owned. 
United States Patent Applications, all of which are related to the *694 Patent: United States 
Patent Applications S/N 09/401.868, S/N 09/545,963, S/N 09/528,495, S/N 09/545,962, and 
S/N 09/649,755. The complete disclosure of each of these applications, including drawings 
and claims, is hereby incorporated into diis application by reference. This push technique 
uses a wireless friendly encoding, compression and encrypdon technique to deliver all 
information to a mobile device, thus effectively extending the coxnpany firewall 22 to include 
the mobile devices 100. 

As shown in Fig. 1, there are many alternative paths for getting information to a 
mobile device 100 from the corporate network 30. One possible transfer padi for getting 
information to a mobile device 100, discussed later in this section, is through a physical 
connection 50 such as a serial port, using an interface or connector 65. This path may be 
us^id for example for bulk information updates often performed at initialization of the 
system or periodically when a us^ of a mobile device 100 is working at a desktop computer 
system with the LAN 30, such as the host compute systpm 35. Although only one desktop 
computer system 35 is shown in Hg. 1, those skilled m the art will appreciate diat a LAN will 
^ically contain many desktop, notebook and laptop computer systems. 

Another method for data exchange with a mobile device 100 is over-the-air using 
wireless networks. As shown in Fig; 1, this could involve a Wireless Virtual Private Network 
(VPN) router 75, if available in the network 30, or through a traditional Wide Area Network 
(WAN) connection to a whreless gateway 85 that provides an interface to one or more 
wireless networks such as 105 and 1 10. The concept of a Wireless VPN router 75 is new m 
the wireless industry and unplies that a VPN connection could be established direcfly through 
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a specific wireless network 1 10 to a wireless device 100. The possibility of using a Wireless 
VPN 75 router has only recently been available and could be used in conjunction with a static 
addressing scheme. For example, a wireless network such as 110 could be an IP-based 
wireless network in which the new IP Version 6 (IPV6) would provide enough IP addresses 
to dedicate an IP address to every mobile device 100 and thus make it possible to push 
information to a mobile device 100 at any time. A primary advantage of using a wireless 
VPN router 75 is that it could be an off-the-shelf VPN component, which would not require a 
separate wireless gateway 85. A VPN connection would most likely use a TCPyiP or User 
Datagram Protocol (UDP)/IP connection to deliver messages directly to a mobile device 100, 
If a wireless VPN 75 is not available, then a link to a WAN 20, ncmnally the Internet, 
is a coinmonly used coxmection mechanism. For one skilled in the art of wireless networks, 
the path for delivering wireless datagrams to mobile devices 100 is well known. To handle 
the addressing of the mobile device 100 and any other required interface functions, a wireless 
gateway 85 k preferably tised. The wireless gateway 85 may also determine a most likely 
network for locatmg a given us«r and track users as they roam between countries or networks. 
In wireless networks such as 110 and 105, messages are normally delivered to and fiom 
mobile devices 100 via RF transmissions between base stations (not shown) and mobile 
devices 100. 

Also shown in Fig. 1 is a composed e-mail message 15 leaving the e-mail sender 10, 
located somewh^e on the WAN 20. ITiis message 15 is fufly in the clear and may use 
traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and MIME body parts to 
define the format of the mail message. These techniques are all well known to one in the art 
In this environment, the message 15 arrives to the message server 40 and is forwarded by the 
wireless connector system 45 to a mobile device 100. As this takes place, the message is re- 
enveloped as indicated at 80 and a compression and encryption algorithm can be applied to 
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the original message IS. In this way, messages being read on the mobile device 100 are no 
less secure then reading them on the desktop computer system 35. Preferably, all messages 
exchanged between the system 45 and the mobile device 100 preferably use this message 
repackaging technique. Another goal of this outer envelope (although not required) is to 
maintain at least some of die addressing hiformation of the original message IS. This allows 
reply messages to reach the appropriate destination, and it allows (he "from"' field to reflect 
the e-maii address of the mobile device user's electronic mailbox account at his desktop 
computer system 35. Using the user's desktop computer system e-mail address from the 
mobile device 100 allows the received message to appear as though the message originated 
firbm the us^'s electronic mailbox account at his desktop computer system 35 rather than the 
mobile device 100. 

Turning back to the physical connection 50 to the mobile device 100, tiiis connection 
path offers many advantages for enabling one-time data exchange of large items. For those 
skilled in the art of Personal Digital Assistants (PDAs) and data synchronization. Personal 
Information Management (PIM) data is commonly exchanged over such a connection, for 
example a serial port connected to an appropriate interface or connector 65 such as a cradle in 
or upon which the mobile device may be placed. When exchanged for the first time, the 
amount of PIM data tends to be relatively large and requires a large bandwidth for transfer to 
the mobile device 100. This physical connection SO can also be for other purposes, including 
transferring private security kej^ (hereinafter referred to as "private keys**) such as a mobile 
device user's private key' used in processmg S/MIME messages, a user's digital Certificate 
(Cert) and 9ny chained Certs, and CRL(s) from the user's desktop computer system 35 to the 
user's mobile device 100. For example, a private key may be generated by collecting cursor 
position information while a user moves a mouse or otiier input device coupled to the 
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computer system 35. The private key may then be loaded onto the mobile device 100 
through the physical coraiection 50 and the mteiface or connector 65. 

The private key exchange allows a user's desktop computer system 35 and mobfle 
device 100 to share at least one personality and a method for accessing all encrypted mail. 
The user's dedctop computer system 35 and mobile device 100 can also hereby shate private 
keys and thus either the host system 35 or mobile device 100 can process secure messages 
addressed to the user's electronic mailbox account or desktop computer system 35. The 
transfw of Certs and CRLs over such a physical connection 50 may be desirable in that they 
represent a large amount of flie data that is. required by a mobile device 100 for S/MIMB, 
PGF and other public key security methods. A Cert is often part of a Cert chain, which 
includes a user's Cert as well as possibly other Carts to verify that the user's Cert is authentic. 
While verifying the signature on a signed message, the receiver of the message will also 
typically obtain a Cert chain for the signing Cert of the message and verify that each Cert in 
tb& ch^ was signed by the mxt Cert in the chain, until a Cert is found tfiat Was signed by a 
root Cert from a trusted source, perhaps from a large Public Key S^ver (PKS) associated 
with a Certificate Authority (CA) such as Verisign"^ or Bntrust^w for example, bofli 
prominent companies in the area of public key cryptography. Once such a root Cert is found, 
a signature can be trusted, since both the sender and receiver trust flie source of the root CerL 
It should be appreciated that the user's own Cert or Cert chain, as well as those for 
other users, may be loaded onto a mobile device 100 from a the user's desktop computer 
systent If the user's Cert or Cert chain is on a mobile device 100, then it can be sent to 
recipients along with any secure messages composed on the mobile device 100 so that each 
recipient can verify a trust status of the Cert. A goal of loading other user's Certs and onto a 
mobile device 100 is to allow a mobile device user to select otha: entities or users with whom 

they might be exchanging secure messages, and to pre-load die bulky information onto fbt 
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mobile device 100 through a physical connection instead of over flie air, thus saving time and 
wireless bandwidth when a secure message is received from or to be sent to such other users. 
Bulky information is generally any electronic data tiiat has large byte sizes. Loading of CRLs 
on a mobile device may also allow a mobile device to determine the status of a received Cert 
Referring again to Rg. 1, there is normally a series of connections to wireless 
networks 110 and 105. As one skilled in the art will readily appreciate, these connections 
could include for exmnple Integrated Services Digital Network OBDN), Frame Relay or Tl 
connections using the TCP/IP protocol used tinroughout tfie Internet These networks could 
represent distinct, unique and unrelated networks, or tiiey could represent tiie same network 
m different countries. The term "wireless networl^ is meant to include different types of 
networks, including but not limited to (1) data-centric wireless networks, (2) voice-centric 
wireless networics and (3) dual-mode networks that can support both voice and- data 
communication? over the same or similar physical base stations. The newest of these 
combined networks include, but are not limited to (1) tiie Code Division Multiple Access 
(CDMA) network, (2) die Groupe Special Mobile or tiie Global System for Mobile 
Communications (GSM) and die General Packet Radio Service (GPRS), bofli developed by 
flje standards committee of CEPT, and (3) third-generation (3G) networks like Enhanced 
Data rates foe Global Evolution (EDGE) and Universal Mobile Telecommunications Systems 
(UMTS). GPRS is a data overlay on top of the very popular GSM wireless network, 
operating in virtually evay country in Europe. Some older examples of data-centric network 
include, but are not limited to: (1) die Mobitex™ Radio Netwoik ("Mobitea") and (2) die 
DataTAC™ Radio Network CT>ataTAC"). Examples of older voice-centric data networks 
include Personal Qonamunicadon Systems (PCS) networks like CDMA, GSM, Hme Division 
Multiple Access (TDMA) systems. 
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Taming now to Fig. 2, which is an illustration of the main types of e-mail exchanges 
that are comiiionly used today in the Internet, we first have a normal exchange of e-mail 
messages (method 1). In this scenario, an e-mail is constructed using RFC822, RFC821 and 
MIME techniques and delivered using standard SMTP mail exchange protocols, as shown at 
120. The e-mail is then received and given to the addressed uscts, as indicated at 125. Such 
normal e-mail exchange is typically secure within a company or LAN such as 30 (Fig. 1) 
located behind a security firewall 22, but not between stand-alone users and/or users on 
different netwodcs. 

Also commonly used are VPN links for inter-office message exchange (method 2), for 
example between branch offices of the same company, and sometimes between differrat 
companies that are working very xjlosely together. Using this method, a lower-level security 
called DP Security (IPSec) may be used to encrypt all data being exchanged between the two 
VPN locations, as shown at 130. When an enoypted e-mail is received at a corresponding 
VPN system, it is decrypted into plain text and routed to addressed users, at 135. 

E-mail exchange between different companies or users that have adopted a private 
security scheme is illustrated in Hg. 2 as method 3. In this scenario, a protocol such as PGP, 
OpenPOP or some other less widely used protocol is used to enciypt .an e-mail before it is 
sent, at 140. Once received, a corresponding mail agent decrypts the e-mail and presents the 
plain text of the e-mail to the recipient, at 145. 

Methods 4, 5, 6 and 7 shown in Fig. 2 relate to S/MIME. The methods are all 

different variations of S/MIMB* In method 4, a sender takes a digest of an e-mail message 

and signs the digest using the sender's private key, as shown at 150. A digest may for 

example be generated by performing a check-sum, Cyclic Redundancy Check (CRC) or some 

other preferably non-reversible operation . such as a hash on the message, and is tiien signed 

by the sender using the sender's private key. The signed digest is appended to the outgoing 
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message, possibly along with the Cert of the sender, and possibly any chained Certs and 
CRLs. The receiver of such a signed message also takes a digest of the message, compares 
this digest with the digest appended to the message, retrieves the sender's public key, usually 
by extracting the public key from the sender's Cert, and verifies the signature on the 
appended digest These operations are part of the signature verification indicated at 155 in 
Fig. 2. If the message content has been changed since it was signed by the sender, then the 
digests will be different or the signature on die digests will not verify properiy. This does not 
prevent anyone firom seeing the contents of the message, but does ensure the message has not 
been tampered with since it was signed by the sender, and that the message was signed by the 
person as indicated on flie *Rom' field of the message. The C&t, Cert chain and CRLs are 
used by a receiver to ensure that tihe sender's Cert is valid, i.e. that the Cert has not been 
revoked or expired, and trusted. The combination of a digest generated at a sender with the 
signature on the digest is typically referred to as a digital signature. Hereinafter, references to 
digital signatures should therefore be interpreted as including a digest and a signature of the 
digest. 

Method 5 represents exchange of S/MIME encrypted messages. In this method, a 

one-time session key is generated, used to encrypt the body of a message, typically with a 

synunetric cipher like Triple Data Encryption Standard (3DES). The session key is then 

encrypted using the public key of each intended receiver of the message, at 160. Session key 

encryption is often accomplished using a public key encryption algorithm such as Rivest 

Shamir Adelman (RSA). The S/MIMB message, including tiie encrypted message and all 

encrypted versions of the session key, is sent to each receiver. Each receiver must then locate 

its corresponding encrypted session key, normally based on a Recipientlnfo summary of the 

receivers that is attached to the message, and decrypt that particular encoded session key 

using its private key, as indicated at 165. Once the session key is decrypted, it is used to 
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decrypt the message body. An S/MIME message may also specify an encryption algorithm 
that must be used to decrypt the message. This information is normally placed in a header of 
an S/MIME message. 

Exchange of messages fliat have been encrypted and then signed is shown in Fig, 2 as 
method 6, According to this scheme, the sender iBrst generates a one-time session key, 
encrypts the message body and then encrypts the session key with the public key of each 
receiver, as described above. The sender flien takes a digest of the message, including the 
encrypted session keys, and signs the digest using its private key to generate a digital 
signature, at 170. Bach receiver takes a digest of the message, compares this digest with die 
digest in the digital signature appended to the message, retrieves the sender's public key, and 
verijSes the signature on the digest, as described above. The correct session key is then 
located and decrypted with the receiver's private key, which then allows the message body to 
be deoTpted. Signature verification and message decryption according to this method are 
sbown in Hg. 2 at 175. • 

Mefliod 7 in Hg. 2 illustrates exchanging messages that have been signed and then 
encrypted. A digital signature is generated by a sender substantially as described above, at 
180. This digital signature, as well as possibly the sender's Cert, Cert chain and CRLs are all 
upended to the outgoing message. A session key is then generated and is used to encrypt the 
message body, digital signature, and any Certs and CRLs- The session key is encrypted with 
the public key of each receiver. The resultant S/MIME message, including the encrypted 
versions of the session key, is transmitted to the receiver. When a receiver receives such a 
message, as shown at 185, it must first decrypt its corresponding encrypted session key with 
its private key. The decrypted session key is then used to decrypt the message body, digital 
signature, and any Certs and CRLs of the message sender. . The digital signature can then be 
verified as described above.. 
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Kg. 3 is block diagram illustrating components of a system supporting both secure 
and unsecure e-mail exchanges, and is useful in demonstrating some of the general 
characteristics and functions of secure messaging in contrast with standard typically unsecaie 
messaging such as Internet-based e-mail. In Fig. 3, the example corporate networks 30a and 
30b are secure networks located behind respective security firewalls 22a and 22b. Although 
users on networks 30a and 30b, shown as desktop computer systems 35a, 35b, are preferably 
enabled for secure messaging with other user systenis on either of the networks as described 
in further detail below, such user systems will normally also be able to conmiumcate with 
unsecuie systems, such as an e-mail sender system 12. 

When the e-mail sender 12 sends an e-mail message 15 to a user on the LAN 30a, the 
message 15 traverses the WAN 20, which is perhaps niost often the iitemet, and is received 
by the message server 40a in the LAN 30a. Since the e-mail message sender 12 is unsecure, 
the e-mail message 15 would normaHy be transferred to fiie message server 40 on LAN 30a 
in the clear. 

Messaging between users on LANs 30a and 30b proceeds somewhat differently, since 

both networks are enabled for secure e-mail communications. Users sending e-mail fixsm 

LAN 30a to one or more users on LAN 30b would presumably know that they can use 

S/MIME to secure the e-mail. The sender of an e-maU message, using desktop computer 

system 3Sa for example, preferably selects an encoding method from a plurality of encoding 

methods, which for illustrative purposes is assumed to be signed and then encrypted 

S/MIME. The desktop computer system 35a or possibly the message server 40a, or more 

likely software executing on either the desktop system or server, will generate a digital 

signature for the e-mail message, and mclude the digital signature and possibly the Cert(s) 

and CRLs for the sender in the outgoing message. The desktop computer system 35a or 

server 40a will then generate a session key, encrypt the entire message, fetch (or retrieve) a 
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copy of the public key for each receiver from a PKS 600 for example, and encrypt the session 
key for each receiver. A PKS 600 is preferably a server feat is normally associated with a 
CA from which a Cert for an entity, including the entity's public key, is available. It will be 
obvious to one skilled in the art that the PKS could reside within a corporate firewall 22a, 
22b, or anywhere on the WAN 20, Internet or other network through which message senders 
and receivers may establish communications with the PKS. It should also be obvious that a 
message sender need not necessarily always fetch or retrieve an intended receiver's public 
key, for example where the receiver's Cert or public key is already stored on a storage device 
at the sender system. 

The resulting message that is transferred to the message server 40b via die WAN 20, 
shown as 200 in Hg. 3, has an encrypted signature-related infonnation component 202, which 
may include die sender's Cert, Cert chain, CRLs and digital signature, an encrypted message 
body portion 204 corresponding to the original e-mail message composed at the desktop 
system 3Sa, and one or more encrypted session keys 206. The component 202 and 204 are 
encrypted using the session key, whereas each receiver's public key is used to encrypt the 
session key, as described above. Depending upon the particular secure messaging scheme in 
place between LANs 30a and 30b, a secure message may contain different or additional 
components than those shown in Fig. 3, or the same or similar components in a different 
order. Of course, a secure message 200 would also include at least one destination address 
and possibly other header information diat must be left in the clear to provide for routing of a 
message to recipients. Since such additional and/or different message fields will be apparent 
to those skilled in the art, they have not been explicitiy shown in the drawings. 

Hg. 4 is a block diagram which illustrates received encrypted message size reduction. 

Reducing message size improves die processing and transmission of public-key encrypted 

messages, via a wireless network, to mobile devices. The system shown in Fig. 4 includes an 
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e-mail message sender 402 enabled for secure e-maU messaging, a WAN 404. which would 

in most cases be the Internet, a corporate LAN 406 as an example host location, a wireless 

gateway 408, a wireless network 410, and mobile devices 412 and 414. The example host 

location in Fig. 4 is a corporate LAN 406 located behind a security firewaU 403 and includes 

a message server 405, a desktop computer system 407 and a wireless connector system 409 

running on, in conjunction with, or as an integrated module of the message server 405. The 

operation of the system shown m Hg. 4 will be described in detail below by way of an 

illustrative example in which an e-mail message is composed at the secuie e-mail sender 402 

and sent to users A and B, each of whom are users of a mobile device 412 or 414 as well as a 

desktop computer system 407 at fte host location, i.e. LAN 406; only one of which is shown. 

As shown in Fig, 4, the e-mail sender 402 composes an e-mail message at least 

comprismg a destination address and electronic text destined fgr users A and B. In this 

example, the e-mail message is encrypted using a one-time session key chosen by the e-mail 

sender 402, substantially as described above. The e-mail sender '402 then encrypts the 

session key using the public key for each of the recipients of the e-mail, namely users A and 

B. As was also described above, the public keys may have been retrieved from a local storage 

area, a PKS resident within a network (not shown) in which die e-mail sender system 402 is . 

configured to operate, or a PKS resident on the WAN 404 or other network with which the e- 

mail sender 402 may communicate. In this example, die location of die PKS and the location 

of the public keys are not important The system is in no way dependent upon any particular 

key management scheme at an e-mail message sender such as 402. 

A secure message 416, including tiie encrypted message 418, and encrypted versions 

of die session key 420, 422 for all recipients, is sent tiuxiugh the WAN 404 to the recipients' 

addresses on die message server 405. It should be appreciated tfiat the message components 

shown at 416 represent those components that are directiy involved in the system. A message 
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sent by an e-mail message sender such as 402 may include additional components or the 
components shown at 416 may be included in a different order than shown, without affecting 
operations associated with this aspect of the system. 

When the message is received at the message server 405, possibly through one or 
more further computer systems (not shown) at flie host location and connected to the WAN 
404, the wireless connector system 409 detects the secu^ and encrypted message* The 
system 409 also determines that users A and B have associated mobile devices 412, 414 to 
which the received secure message should be sent via tiie wireless netwoik. 

According to this aspect, the system 409 reduces the size of the message by removing 
any encrypted session keys that are not needed by each individual user's mobile device 100. 
An SMME message for example includes a Redpienflnfo list which provides a map as to 
which encrypted session key corresponds to each recipient m the To, Cc or Bcc fields in the 
message. Therefore, the system 409 may consult the Recipientlnfo list to determine which 
encrypted session key should be sent to each recipient 

As shown m Fig. 4, the system 409 detects the received message 416 addressed to 
both users A and B, and sends a modified copy of the message 416 to each user's mobile 
device. The message sent to user A's mobile device 412 is shown in more detail at 424 and 
includes flie encrypted message body 418 and only one encrypted session key 420 that was 
encrypted using user A's public key. The encrypted session key 422 for user B, which cannot 
be used by user A, is removed from the message sent to mobile device 412 by the system 
409. Similarly, the system 409 removes the encrypted session key 420 intended for user A 
from the received encrypted message and sends to the mobile device 414 a resultant message 
including the encrypted message body 418 and die encrypted session key 422 for user B, as 
shown at 426. 
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Since each user receives its corresponding encrypted session key as part of the secure 
message, the secure message can be processed at each device 412, 414 even though other 
information in the original secure message 416 sent by the e-mail, sender 402 has been 
removed by the system 409. The encrypted session key can be decrypted on each mobile 
device 412, 414 using each user's respective private key resident on the mobile device and 
then used to decrypt the message body. As described above, a user's private key may for 
example be transferred fitom the user's desktop computer system such as 407 to the user's 
mobile device via a physical connection (not shown in Fig. 4). After decryption of die 
message body, a user interface on the mobile device can then present the unencrypted 
message on a display of the device. 

By re-organizing the original message as described above, all unnecessary encrypted 
versions of the session key are removed from the original message, thereby reducing the size 
of a message sent via a wireless network to a mobile device. For an SMMB message, since 
a mobile device receives only its corresponding encrypted version of die session key, the 
Recipientlnfo list is not needed and may also be removed, further reducing message size. 
Since the number of encrypted versions of a session key and die size of a Recipientlnfo list if 
present increases with the number of recipients in an original message, message size 
reduction can be particularly effective for original messages wifli large numbers of recipients. 

Although the example system shown in Fig. 4 includes a message server 405 and 

system 409 m a corporate LAN 406 behind a security firewall 403, die system is also 

applicable to odier types of systems, for example where mobile device user has a computer 

system connected to the Internet dkecfly or through an ISP for example. In tiiis case, die 

desktop computer system implements die wireless connector system, preferably as a desktop 

version of wireless coimector system operating wifli an electronic message program operating 

at the desktop computer system. Examples of electronic message programs include, but are 
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not limited to, MS Outlook, Lotus Notes, and Eudora. The programs may access mail stored 
at a first data store device (not located at the desktop computer) through one or more means 
including POP. . The desktop-based wireless connector in conjunction with the electronic 
message program would send received messages to the user's mobile device, via the wireless 
network 410, and performs the message size reduction operations described above. 

Fig. 5 is a block diagram illustrating received signed message size reduction. The 
overall system shown in Fig. 5 is similar to system of Fig. 4, with system components in Fig. 
5 being substantially flie same as similarly labelled components in Fig. 4, although its 
operation is somewhat different as will be described below. 

For illustrative purposes, it is assumed Aat a user sending an e-mail message bom the 
system 502 to both users A and B decides to sign the message to so that users A and B may 
confirm the sender is the true sender of the message and that what is received is what was 
sent by the sender. In order to allow a message receiver to confirm that the sender^s signature 
is authentic, flie e-mail sender 502 normally attaches their Cert, any other Certs in a Cert 
chain, and possibly a cmrent CRI* The secure message that is sent from the e-mail sender 
502 may thus have a form as shown at 516, including the sender's Cert, Cert chain, CRL and 
digital signature 518 and the message body 520. In S/MIMB, Certs, chams, CRLs and 
signatures are normally placed at the beginning of a message body as shown ia Fig. 5. 
Messages according to other secure messaging schemes may place message componmts in a 
different order than shown or include additional and/or different components. 

A secure message such as 516 would normally be sent through a WAN 504 such as 

the Intemet to addressed recipients. In Fig. 5, the message is addressed to only two 

recipients, both recipients each having an electronic mailbox account associated with the 

same message server 505, although the system is in no way limited thereto. The example 

system in Fig. 5 is merely a system example and is intended only for illustrative purposes. 
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Once received by the message server. 505, the secure message is routed to each 

recipient's e-mail account on the server 505. The wireless connector system 509 detects the 

new message and also determines whether or not the message should be sent via the wireless 

network to a mobile device for any recipient. If so, then the system 509 renirganizes the 

message to place the message body first, foUowed by the digital signature and then the Cert, 

Cert chain and CRLs. The Cert, Cert chain and CRLs are then preferably stored by the 

system 509 at the host system. A message including at least the message body and digital 

signature is then sent, via the wireless network, to the mobile devices 512 and 514 of the 

recipients, users A and B, as shown at 522 and 526. The digital signature 524, 528 is 

effectively a truncated form of the original signature, Cert, Cert chain and CRL component 

518. Although labelled dififerenfly in messages 522 and 526, the signatures 52* and 528 are 

actually the same signature generated by the e-mail sender 502. The Cert. Cert chain and 

CRLs are not initiaUy sent to the mobile devices 512, 514 with the message body and 

signature, based on an assumption that the Certs and CRLs may already have been pte-loaded 

onto a storage device in the devices, for example using a physical connection 515, 517 to the 

user's desktop computer system 511, 513. It is also possible that the sender's Cert and Cert 

Cham may have been attached to a previous secure message sent, via the wireless network, to 

the mobile devices 512, 514 and subsequently stored on the mobile devices. An up-to-date 

CRL might similariy akeady be available on' die mobfle devices 512, 514. In tiiese 

circumstances, a Cert, Cert chain and CRL would not be used at the mobUe devices 512, 514 

even if they were sent If any of diis information is required but not available on the mobUe 

devices 512, 514, it may then be requested fitran die woeless connector system 509. 

As described above, a user may view tiie content of a signed message without first 

verifying a signature. The Cert, Cert chain and CRLs are only required when a mobUe device 

user, user A for example, wishes to verify die signature 524 on the message ftom die e-maa 
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sender 502. If these components are available on the mobfle device 512, then signature 
verification ojterations may be completed without further communications between the 
mobUe device 512 and the LAN 506. However, if this Cert and CRL infomiation is not 
available for a message sender fcom which a signed message is received, then accMding to 
another aspect of die system, tiie user can submit a request to the system 509 to send tihe rest 
of the message original message, particularly any Certs and CRLs that were removed before 
the message was sent, via the wireless netwo± 510, to the mobile device and stored at the 
host location (LAN 506) by the system 509. The Certs and CRLs, once received at the 
mobile device 512, allow the signatore to be fully checked and voified. 

Removal of relatively bulky C».e., large byte-sized electronic data) Certs and CRLs 
ftom received signed messages , before they are transmitted to mobile devices can 
significantly reduce the size of signed messages that are transferred through the wireless 
network 510, thereby conserving wkeless networik resources, and reducing flie bandwidth and 
time required to transmit signed messages to mobile devices. 

In a further embodiment of this aspect of the system, a user's host system 511, 513 
includes a Cert synchronization system, shown in further detail in Kg. 6, which is a block 
diagram qf a system m which the size of a signed messa^ is reduced based on infomiation 
stored at a mobile device. In Fig. 6, system componwits outside the host system location at 
which die wireless connector system is operating have not been shown in order to avoid 
congestion in the drawing. Connections between the message server and host computer 
systems have also been omitted for clarity. It should be apparent, however, that the system 
shown in.Hg. 6 may include such other components and connections as are common in 
messaging systems. 

The example system In Hg. 6 includes a message server 602, wireless connector 

system 604 and two desktop computer systems 606, 614. Each desktop computer system 
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includes a physical connection 608, 616 through which Certs, CRLs, and possibly other 
relatively bulky information may be transferred to a user's mobile device (not shown). 
According to this embodiment of the system, each desktop computer system 606, 614 
includes a Cert synchronization (sync) system 610, 618, which in most implementations wiU 
be a software application. The Cert sync systems 610, 618 interface with the physical 
connections 608, 616 and data stores 612, 620 on the host computer systems 606, 614. The 
data stores 612> 620, as those skilled in the art will appreciate, could possibly be any 
computer storage medium, including for sample a local hard disk drive or other memory 
unit It is also contemplated that Certs and CRLs, which are public information, could be 
shared between computer systems within a network for example, such that the stores 612, 620 
are actually the same data store, for example on a network file server/ 

Using the Cert sync system 610, user A can preferably select and transfa: Certs and 
possibly CRLs if desired, to his or her mobile device when the mobile device is connected to 
the desktop computer system via the connection 608. However, smce CRLs tend to be lai^e 
and thus requke significant memory resources for storage, users will likely most often 
transfer only Certs to mobile devices. The Cert sync system may then be configured to 
consult a corresponding CRL to ensure that a Cert has not been revoked before the Cert is 
transferred to a mobile device, or alternatively to remove any revoked Certs from a list of 
Certs available for download On a device. Certs could be stored in a data store such as a 
Random Access Memory O^AM), flash memory or other such memory component to which 
data niay be written on a mobile device. Certs .may instead possibly be written to a 
removable memory card, smart card or similar component with which a mobile device is 
designed to operate. 

As shown in Fig. 6, each Cert sync system 610, 618 is also enabled for 

communication with the wireless connector system 604. This allows a Cert sync system to 
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inform the wireless connector system of which Certs have been loaded onto a user's mobile 
device. This may be accomplished for example by transmitting either a complete up-to-date 
list of all Certs on a device or a list of Cert additions and deletions each time a Cert sync 
system is used to perform any device-related operations. Cert updates could also be sent to 
the wureless connector system 604 whenever new Certs are detected on a mobile device by a 
Cert sync system when the mobile device is connected to its desktop computer system. 
Although the Cert sync system is useful for loading particular Cwts for entities ftom which a 
mobile, device user ejcpects to receive signed messages, there may be situations in which a 
mobile device user obtains a Cert from other sources such as a CA. In this case, a Cert sync 
system could be configured to determine whether any Certs have been loaded onto a mobile 
device smce flie last Cert transfer using the Cert sync system, and if so, to transmit a device 
Cert update to the wireless connector system 604. 

When such a device Cert update is received from a desktop computer system 606, 
614, a user proiHe ma i nt ai n ed for the particular user by the wueless connector system 604 in 
a data store 622 is updated. Although the user proJBles 624, 626 may mclude such 
information as user name, configuration settmgs to control which messages are sent over the 
wireless network, mobile device identification information and possibly furtiier user-, 
configuration- or mobile device-related information, the wireless connector system 604 
preferably also stores a list of Certs fliat are stored on a user's mobile device. In the example 
shown in Fig. 6, user A's mobile device stores a Cert for an entity X, as indicated by [Cat 
X], whereas user B has stored a Cert for entity Y, [Cert Y], on their mobile dievice, A single 
Cert is shown in die user profiles 624, 626 for illustrative purposes only; a mobUe device 
preferably has sufficient memory resources to store multiple Certs. 

When a signed message 628, including a Cert, Cert chain CRLs and digital signature 

component 630 and message body 632, arrives at tiie message server 602, it is detected by the 
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wireless connector system 604 as described above* The original message is then rearranged 
such that the message body is placed first, followed by the digital signature and signature- 
related information. In accordance with this embodiment of the system, the wireless 
connector system 604 then determines if any of the signature-related information is required 
by each mobile device to which the message is to be sent, by consulting the user profile for 
each addressed mobile device user. Since the sender's Cert, Cert X, has been stored to user 
A's mobile device, a rearranged message 634, including only the message body 632 and 
digital signature 636, is sent to user A*s mobile device. Although a Cert for an entity Y has 
been stored on user B's mobile device, die Cert X for the send^ of the original message 628 
is not available on user B's mobile device, such that the rearranged message to user B's 
mobile device includes both the message body 632 and signature-related information and 
digital signature component 630. As above, the wireless connector system 604 may instead 
store the signature-related information for later transmission to user B*s mobfle device and 
iniliaUy send only the message body and digits dgnature. 

The use of a C«t sync system 610, 618 and device signature-related mfonnation 
accessible to the wireless connector system 604 allows the wireless connector system 604 to 
determine the information that a particular mobile device requires and to remove any 
unnecessary information from a message sent to that mobile device. Instead of assuming that a 
mobile device may have stored a Cert as in the preceding embodiment, the wireless connector 
system 604 can determine whether or not the device has stored die Cert The user profiles may 
also possibly be used to specify other configuration settings, to indicate for example tiiat CRLs 
should never be sent to a user's mobile device or that signature-related information should only 
be sent to a user's mobile device only if requested. 

In reference now to Figs. 7 and 8, the impact of performing either message signing or 

encryption first, to generate a message tiiat is botii signed and encrypted, will be discussed. 
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When a message is enciypted iBrst and then signed, one set of re-organizing and/or message 
reduction schemes can be applied. When a message is signed first and then encrypted, other re- 
organizing and size reduction techniques are applicable. As will be apparent, only a host 
location portion (message server and wireless connector system) of a messaging system is 
shown in each of Figs. 7 and 8. 

Hg. 7 is a block.diagram illustrating secure message size reduction for a received 
message , that has been encrypted and flien signed. Such a message 706 would typically 
include a message body 710 that is encrypted using a one-time session key established by the 
sender. The session key is then encrypted using a public key of each intended message 
recipient, in this example users A and B, to generate an encrypted session key 712, 714 for 
each user. The encrypted message body 710 and encrypted session keys 712, 714 are then 
signed, substantially as descaibed above. Although signing is performed after encryption, the 
message component 708, with a Cert, possibly a Cert chahi and one or more CRLs in addition 
to the digital signature, may be at the beginning of the secure message as m S/MIMB for 
example. 

This enciypted and signed message 706, with the session keys 712, 714 and digital 

signature and signature-related information 708, is received by the message server 702, which 

processes the message and places it into the appropriate mailboxes for users A and B. The 

wireless connector system 704 detects the new message and begins the process to send the 

message to each recipient that has a mobile device. Before the message is sent to a mobile 

device, the digital signature and Cert section 708 of the message is preferably at least 

rearranged such that tiie digital signature and signature-related information is moved to the 

end of the message. Since the encrypted message body 710 and session keys 712, 714 are all 

signed, only the signature and signature-related information can be rearranged or removed 

from the message. If the wireless connector system 704 were to process the message 706 to 
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rearrange or remove any of the signed components before sending the message to a mobile 
device, the signature verification will fail at the mobile device. 

As described above, the wireless connector system 704 may remove the Cert, as well 
as any Cert chain and CRLs if included in the message 706, and store ttese components for 
later transmission to mobile devices. Where the wireless connector system 704 can 
determine which Certs are available on an addressed recipient's mobile device, the Cert could 
be sent only if it is not available on the mobile device. In the example shown in Hg. 7, only 
the digital signature 718 and signed components 710, 712, 714 of the original message 706 
are sent in a message 716 to user A. This would occur when all signature^related information 
is removed before a received message is sent or when the wireless connector system 704 
detects that the sender's Cert in the origmal message 706 has been loaded onto user A's 
mobile device. In the case of user B, both the Ccit and the digital signature 722 are sent 
along with the signed components 710, 712; 714 in a message 720 to user B's mobile device, 
if the wireless connector system 704 determines diat the Cert in the origmal message 706 has 
not been loaded on user B 's mobile device for example. 

Therefore, when a secure message is encrypted and then signed, a digital signature 
and any signature-related ioformation may be rearranged to the end of the message and some 
or all of the signature-related information may be removed from the message. 

Fig. 8 is a block diagram illustrating secure message size reduction for a received 

message that has been signed and then encrypte± In this case, a sender generates a digital 

signature for a composed message and attaches the digital signatum, Cert, and possibly a Cert 

chain and CRL to the message. For an S/MIME message, flie digital signature. Cert and any 

chained Certs and CRLs are attached at the beginning of the message. The entire signed 

message is then encrypted usmg a one-time session key, and the session key is encrypted for 

each receiver addressed in the message, using the public key of each receiver, as described 
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above. The resultant message is shoAvn at 806, including a digital signature and signature- 
related information 808 and a message body 810, both encrypted using the session Icey, 
followed by encrypted versions of the session key 812, 814 for each receiver. 

When the . signed and encrypted message 806 is received and placed into the 
appropriate mailboxes for users A and B by the message server 802, the wireless connector 
system 804 detects the new message and determines if any of the addressed message 
receivers has a mobile device (not shown) and whether or not the message is to be sent to a 
mobile device, Jf so, then a message is prepared for sending to each mobile device including 
the encrypted portions of the original received message and only the particular session key 
corresponding to the mobile device. In Hg. 8, tihe digital signature and signature-related 
informarion 808 is encrypted and thus cannot be identified and rearranged by the wireless 
connector system 804. Therefore, the messages 816, 818 sent by the wireless connector 
system 804 to the mobile devices of users A and B each include the encrypted digital 
signature and signature-related information 808 and the signed and encrypted message body 
810 of the origmal message and only the respective encrypted session key 812, 814 for the 
mobile device. At each mobile device, the session key can be decrypted and used to decrypt 
the encrypted portions 808, 810 of the message to expose the origuial message body, the 
digital signature and the signature-related information components. The message may then 
be viewed and digital signature verijBcation can proceed on each mobile device. . 

As described above, when the wireless connector system 804 sends only the required 
encrypted session key to each mobile device, the Recipientlnfo field (not shown) may also be 
removed from an encrypted message to further reduce the size of a message transmitted over 
a wireless network. 

The embodiments of the system described above focus on rearranging and reducing 

the size of a secure message before sending it to a mobile device. Several further 
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embodiments which provide different ways to pre-process a message to reduce data that must 
be transmitted over the air to a mobile device will now be described. One advantage, of 
message pre-processing is that alternative techniques can be applied to messages that are both 
signed and encrypted, which are the most difficult messages to rearrange to reduce size, as 
will be apparent from the foregomg description. 

Hg. 9 is a block diagram showing an encrypted message pre-processing system. The 
overall system is similar to the systems described above, in that the components sh6wn in 
Kg. 9 are substantially the same as similarly labelled components ki preceding Figures. As 
shown at 916, an encrypted e-mail message from an e-mail sender 902 addressed to users A 
and B includes an encrypted message body 918, and two encrypted session keys 920 and 922. 
As will be apparent to those skilled in the art, the portions of the encrypted message 918 need 
not necessarily be in the order shown in Kg. 9. In this example, it is assumed that a user's 
desktop computer system, one of which is shown at 907, and the user's mobile device 912 or 
914, ^ectively share a common address, a feature supported by the wireless connector 
system 909. However, in some systems, a message might be addressed to both the user*s 
mail account on a message server 905 and the user's wireless mail account When wireless 
connector system 909 is implemented, it is more likely that the message will be addressed to 
a user's account on the message server 905. 

In a preferred embodiment of the system, it is possible to share a single private key 

between a user's desktop computer system 907 and mobile device 912, 914 by loading the 

private key into the mobile device using, for example, the physical connection 50 and 

interface 65 as shown in Fig. 1 or some other trusted wired or wireless transfer mechanism. 

Where a user's desktop computer system 907 is configured for operation with a smart card or 

similar removable security-enabling component, fliis private key loading could be performed 

by a user by inserting their smart-card into a card reader and running a component of the 
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wireless connector system 909, and/or possibly a software component on the desktop 
computer system 907, to load the private key from the card reader directly into a memory of a 
mobile device. Alternatively, a card reader could be integrated into the mobile device to 
allow a user to access a private key using either a desktop computer system or a mobile 
device. Such private key sharing provides for mirrored e-mail stores at the two locations, i.e* 
a user's desktop computer system 907 and mobile device 912 or 914. 

1 

When the message 916 is sent by the sender 902, it is eventually routed through the 
WAN 904 to the message server 905 for processing and forwardmg to the e-mail accounts of • 
the addressed receivers, users A and B. The wireless connector system 909 detects the new 
message and determines whether or not it should be sent to a mobile device of any of die 
receivers. In accordance with m aspect of the system, for each receiver for which the 
message is to be sent to a mobile device, the wireless connector system 909 decrypts the 
message usmg the session key, re-enci!ypts the message using a different key and possibly a 
dilEfeient encryption algorithm corresponding to a wireless-friendly security scheme 
unplemented between the wnreless. connector system 909 and its associated mobile devices 
912, 914, and sends the re-encrypted message to the receiver's mobile device. Such re- 
encrypted messages are shown at 924 and 926. 

Since each version of the session key is encrypted with a specific public key of a 

particular mobile device 912, 914, the wireless connector system 909 must somehow decrypt 

the session key before the message body can be decrypted and re-encrypted. In one 

embodiment of this aspect of the system, the wireless connector system 909 extracts the 

correct session key 920, 922 for each mobile device 912, 914 to which the received message 

is to be sent and sends it to each mobile device. For example, after extracting the correct 

encrypted session key for a mobile device user such as user A, the wireless connector system 

909 may build a message that contains only the encrypted session key 920. The mobile 
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device 912 receives this message and extracts the session key 920 from the message. The 
session key is then decrypted, preferably re-encrypted according to the above vmdess- 
friendly security scheme, and sent back to the wireless connector system 909, The wireless 
connector system 909 then decrypts the re-encrypted session key and uses the decrypted 
session key to decrypt the encrypted message body on behalf of user A. The decrypted 
message body can then be re-encrypted according to the wireless-friendly security scheme 
and sent to mobile device 912. The xe-encrypted message may dien be decrypted on the 
mobile device 912 and displayed to user A. A similar process would be performed between 
die wireless connector system 909 and each mobile device to which a received encrypted 
message is to be sent 

This decryption of a message by the wireless connector system 909 reduces the 
amount of complex public key decryption operations that must be performed on a mobile 
device. Additionally, this allows the wireless connector system 909 to send only portions of 
the message to each mobile device, in the case of a large e-mail message. Although the 
session key and message exchange described above could be repeated for each user, once the 
session key is decrypted and returned to die wireless connector system 909 by one mobile 
devipe and the encrypted message body is deciypted, the decrypted message body could dien 
be re-encrypted for each mobile device to which the message is to be sent. This could 
simplify operations at the wireless connector system 909 m that the encrypted message body 
is decrypted only once, even when the message is to be sent to multiple mobile devices, and 
may also result in faster message transmission to some mobile devices, since a response with 
a re-encrypted session key need xmly be received by the wkeless connector system 909 from 
one mobile device, not from each mobile device to which a message is to be sent 

In some systems in which a desktop computer system such as 907 and a mobile 

device share a common private key, the private key might be accessible to the message server 
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905 and wireless connector system 909. Although this may be an unlikely scenario 
depending upon how private key technology evolves, this method does'have the advantage of 
reducing the number of steps in an encrypted message decryption and transmission process, 
and also removes the need to send the decrypted session key over die air. As in the preceding 
embodiment, decryption of a message by the wireless connector system 909 reduces the 
number of public key operations that a mobile device must perform. 

According to this embodiment of the system, the wireless connector system 909 has 
access to the private keys, for any addressed receivers for which it provides wireless 
conmiunication service. Instead of sending an encrypted session, key directly to a mobile 
device as in the precedmg embodiment, the wireless connector system uses the private key 
shared with die device to decrypt the session key. The session key is then used to decrypt the 
encrypted message body. For user A for example, the wireless connector system 909 would 
extract the encrypted session key 920 from the message 916, decrypt the session key usmg 
user A's private key, and use the session key to decrypt the encrypted message body 918. 
Once the message body is decrypted, it is re-encrypted using a wireless-friendly encryption 
method and transmitted to the appropriate mobile device, substantially as described above. 
The mobile device dien decrypts the message and presents it to the user in its original form. 
This procedure provides the fastest message delivery time with the least amount of public key 
operations, which tend to be very processor- and power-intensive, on a mobile device. 

It will be apparent that decryption and re-encryption of encrypted messages by the 

wireless connector system 909 would normally represent a security concern. However, in the 

system shown in Fig. 9, die decryption and re-encryption are performed behind the security 

firewall 903 and decrypted information therefore remains as secure as any other information 

in the corporate LAN 906. When a strong encryption scheme such as 3DES is used between 

the wireless connector system 909 and mobile devices 912, 914, any previously decrypted 
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information, including decrypted messages or session keys, remains secure while being 
transferred between the wireless connector system 909 and mobile devices 912, 914. 

Fig. 10 is a block diagram of a signed message pre-processing system. Hie system in 
Fig. 10 is similar to the system in Fig. 9, with similarly labelled components in Figs. 9 and 10 
being substantially similar^ although the system of Fig. 10 pre-processes signed messages. In 
Fig. 10, digital signature verification is performed on behalf of a mobile device user at the 
user's host system location (LAN 1006), dius saving die transmission of the digital signature 
and typically bulky signature-related data. 

A message 1016 signed by an e-mail message sender 1002 would include a digital 
signature component 1018 and a message body component 1020, as described above. When 
the signed message 1016 is received and forwarded to appropriate mailboxes by the message 
server 1005, the wireless connector system 1009 detects the new message and determines 
whether or not it should be sent to one or more mobile devices. In the example in Rg. 10, the 
message should be sent to both m6bile de\dces 1012 and 1014. 

The wireless connector system 1009 then detects diat the message has been signed 

and attempts to find the public key of the sender. This public key could be retrieved from a 

local storage area or possibly from a PKS 1028 somewhere on the WAN 1004. Once the 

public key of the sender is retrieved, the (Ugital signature can be verified by the wireless 

connector system 1009 on behalf of each mobile device user. A message is then prepared 

and forwarded to each mobile device 1012, 1014, preferably including an indication as to 

wheflier or not the digital signature was verified. As shown at 10214, 1025 and 1026, 1027, 

the origmal message body 1020 and signature indication are re-enveloped and possibly 

encrypted for security before being sent to the mobile devices 1012, 1014. Altiiough the 

signature indication is not necessarily confidential, encryption tiiereof prevents an 

unauthorized party from inserting an incorrect signature indication or changing a signature 
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indicadon. At each device, the outer envelope is removed and the message and signature 
indication are decrypted if necessary before being presented to the user. 

Fig. 11 is a block diagram illustrating secure message pre-processing for a received 
message that has been encrypted and then signed. In order to avoid congestion in the 
drawing, only the message server 1102 and wireless connector system 1104 are shown. It 
should be apparent to those skilled in the art that these components could be implemented in 
a system such as shown in the preceding drawings. 

A secure message 1106 diat has been encrypted and then signed may mclude such 
components as a digital signature and signature-related information component 1108, an 
encrypted and signed message body 1110 and encrypted and signed session keys 1112 and 
1114. Generation of such messages has been described m detail above. When such a 
message is received at the message server 1102 and distributed to appropriate user mailboxes 
for users A and B, the wireless connector system 1104 detects the new message and 
determines, in this example, that the message is to be sent to the mobile device of each of 
users A and B. Smce the message has been both signed and encrypted, pre-processing of the 
message includes several steps from each of the pre-processing schemes described above in 
conjuncdon with Figs. 9 and 10. 

The message 1106 has been encrypted first and signed second, such that the wireless 

connector system 1104 preferably first verifies the digital signature using the sender's public 

key. This key may be retrieved firom a local memory or through a PKS for example. 

Wheth^ or not the sender's digital signature is verified, pre-processing may proceed to 

obtain the session key used to encrypt the message. As described above, this may be 

accomplished by the wheless connector system 1104 by sending to a mobile device a 

corresponding encrypted version of the session key or, if the device's private key is 

accessible to the wireless connector system 1 104, by accessing the private key and decrypting 
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the session key. Once the session key has been decrypted by or returned to the wkeless 
connector system 1104, the message can be decrypted. The decrypted message, and 
preferably a signature indication that the message was signed and whether or not the digital 
signature was verified, are then re-encrypted using a wireless Mendly encryption algoriflim 
and sent to each mobile device to which the message is to be sent As shown at 1116 and 
1122, the messages sent to the mobile devices of users A and B include the message body 
1118, 1124 and a signature indication 1120, 1126, both of which are preferably encrypted 
Each mobile device can then decrypt (he message 1116, 1122 and present the message and 
signature indication to the mobile device user* 

Hg. 12 is a block diagram similar to Fig. 11 but iUustradng secure message pre- 
processing for a received message that has been signed and tiien encrypted As in Hg. 11, 
only a message server 1202 and wireless connector system 1204 are shown in Rg. 12 to 
avoid congestion. However, it should be appreciated that the arrangement in Hg. 12 would 
normally be implemented as part of a larger system such as shown in Fig. 1 for example, 
which enables electronic message exchange, 

A signed and then encrypted message, as described above and shown at 1206, 
typically comprises a digital signature and signature-related information component 1208 and 
a message body component 1210, both of which wwe encrypted by a sender using a one-tune 
session key, as well as encrypted versions of the session key 1212, 1214 for each addressed 
recipient of the message 1206, m this example users A and B. When the message 1206 is 
received by the message serv^ 1202 and distributed to appropriate user mailboxes, the 
wteless connector system 1206 detects the new message and determines to which, if any, 
mobile devices the message is to be sent 

Since the message 1206 has been signed first and then encrypted the wureless 

connector system 1204 must first decrypt the message before any further pre-processing can 
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be perfonned. To this end, the wireless connector system 1204 obtains the session key, 
which as described above may be accomplished by sending the conesponding respective 
encrypted session key to a mobfle device for decryption or by accessing a user's private key 
and decrypting the session key. Once the session key has been returned to or decrypted by 
the wireless connector system 1204, the message 1206 can be decrypted and the digital 
signature and signature-related information extracted- As described above, die digital 
signature can then be checked by retrieving the public key of &e sender. A signature 
mdication is then generated and attached to the message body. The message and indication 
are then preferably encrypted using a wireless-friendly encryption method and transmitted to • 
each mobile device to which &e message is to be sent As shown at 1216 and 1222, a 
message to a mobile device includes tihe body of the message 1218, 1224 and an indication 
1220, 1226 that the message had been signed and whether the digital signature was verified 
At a mobile device, the transmitted message is deaypted to retrieve the original message and 
the signature indication. 

Figs. 13 and 14 show a flow chart illustrating a method for pre-processing signed, 
encrypted or signed and encrypted messages before sending them to a mobile device. In 
these drawings, it is assumed that a message has been received and placed into a message 
storage location and that a wireless connector system has detected the new message. It 
should be apparent that the method shown in Figs. 13 and 14 applies to those messages that 
the wireless connector system determines should be processed, that is, messages to be sent to 
one or more mobile devices. 

Turning now to Fig. 13, the method begins at step 1300 when a message that is to be 

sent to a mobile device arrives firom a message sender. The wireless connector system then 

checks to see if the message is in plam text, at step 1305. This check can be performed for 

example by checking the MIME type of die message, and/or looking for attachments with a 
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certain format and MIMB type. If the message is plain text, then it is routed to each of the 
mobile devices. If the information is not plain text, then a check is made to determine if the 
message was signed but not encrypted (i.e. signed only) or signed last, at step 1315. If the 
message was not signed only or signed last, .this would mean the message may have been 
encrypted but not signed (i.e. encrypted only) or signed first and encrypted last, and the 
encryption would have to be processed first A determination as to whether or not the 
message was encrypted only or encrypted last is made at step 1320. IF it is determined that 
the message was not encrypted only or encrypted last, then the message may be a plain text 
message or a signed only or signed last message that was not detected steps 1303 or 1315, or 
die message has a format that the wirel^s connector system cannot handle. In dther of these 
cases, an error may be declared, as indicated at 1325. As those skilled m die art will 
appreciate, error handling will, be dependent upon the system in which this method is 
implemented. If the message was encrypted only or encrypted last, the method proceeds to 
process the encryption, at step 1330, which is shown in detail in Hg. 14 and described below. 

If the message has been signed only or signed last, as determined at step 1315, then a 
digest of the message is generated at step 1340, as described above. The digital signature 
attached to die message is then detected at 1345. In order to continue with digital signature 
verification, the public key of the sender is retrieved at step 1350 from local memory, from a 
PKS or similar system or possibly fiom a Cert attached to the original message, included in a 
Sign^Mo component of the message for example. The digest m the detected digital 
signature is the extracted and the signature on the digest is verified, at step 1355, using the 
public key of die sender. 

The digests A and B are then compared at step 1360 to determine if they match. It is 

also determined whether or not the signature of the digest was verified. If either of these 

conditions is not satisfied, then the signature was not verified, and a 'failed" or like signature 

39 



wo 02/101605 PCT/CA02/00889 

indication would be attached to the message at step 1365. If both conditions are met, then the 
signature was properly verified and a "verified" or similar signature indication is added to the 
message at step 1370. 

At step 1375, it is determined whether or not the message is still encrypted. If so, for 
a message that was encrypted and then signed, the method continues at step 1380 to process 
encrypted data, as shown in Fig. 14 and described in further detail below. If the message is 
not still encrypted, dien a check may be made at step 1385 to determine whether or not it had 
been CTarypte± For a signed first and encrypted last message, message decryption would 
have been completed before signature verification. If it had been encrypted, then a message 
including the appropriate signature indication, an encryption indication or flag which 
indicates tiiat the message had originally been encrypted and the message body, is 
constructed and sent to the mobile device at step 1395. Otherwise, the message sent to the 
mobile device at step 1390 includes the signature indication and the message body. 
Alternatively, if a mobile device user does not need to know whether or not a message was 
originally encrypted, which could be a configurable setting stored in a user profile accessible 
by the wireless connector system, step 1375 could proceed dkectiy to step 1390 and no 
encryption indication is sent 

Although not shown in Hg. 13, the encodmg, compression and encryption schemes 
described above may be employed by the wireless connector system as part of steps 1390 and 
1395 before pre-processed secure messages are sent to a mobUe device. 

Turning now to Fig. 14, method steps associated widi processing of encrypted parts of 
a message are shown. Encryptioa processing may begin either when a message has been 
encrypted last or encrypted only (step 1330) or when signature verification operations have 
been completed for an encrypted and then signed message (step 1380). 
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The first step in processing the encrypted data is to locate the encrypted session key 
for the particular mobile device user, at step 1410, by using a Recipientlnfo field of the 
received message for example. At the next step 1415, the wireless connector system 
generates and sends to the mobile device a message that contains the encrypted session key, 
as described above. This message may have text for the user to provide such information 
about the message as the size, date and originator Qf the message, with an indication that it is 
encrypted When this message is received at the mobile device, it is determined, by a secure 
messaging software application on tfie mobile device for example, whether or not the private 
key that can be used to decrypt the session key is available on the device, at step 1425* If the 
device does not have the correct private key or the user does not want to decrypt the message, 
then the message cannot be viewed by the user on the mobOe device. Otherwise, as an 
optional step 1435, the user may be given the choice to decrypt the session key (step 1435), 
for example via a menu in a message list of the mobile device. The decrypted session key is 
then passed back to the wireless connector system and die original message is decrypted, at 
step 1440. 

Once the decryption is complete, a test is performed at step 144S to determine if a 
digital signature is to be verified If so, then the method proceeds at step 1450 to process the 
digital signature as described above with reference to Fig. 13. If thtso is no digital signature 
to be verified, then a further test is performed at step 1455 to determine if a digital signature 
was akeady processed If the digital signature was already processed, i.e. when encryption 
processing begins at step 1380, the decrypted message with, the signature indication and 
possibly an encryption indication described above are sent to the mobile device at step 1460. 
Otherwise, if the message was not signed, then the decrypted message and possibly an 
encryption indication are sent to the mobile device, as shown at step 1465. 



41 



wo 02/101605 PCT/CA02/00889 

The flow chart shown in Figs. 13 and 14 is intended for illustrative purposes only and 
not to limit the scope of the system. The steps outlined in the flow chart may be performed in 
a different order, some of the steps may be combined with other steps or omitted, and further 
steps and operations may be performed. For example, the order in which operations are 
performed for digital signature verificaidon may be different than shown m Fig..l3. Jn sotiie 
systems, the digital signature might be detected before the digest A is generated, or digest B 
might be recovered before digest A is generated Also, message pre-processuig could be 
halted at step 13.60 if the digital signature is not verified. Other variations of the method in 
Figs. i3 and 14 will be apparent to tiiose skilled in the art and as such are considered to be 
within the scope of the invention as described and claimed herein. 

Hg* IS is a flow chart of a method for post-processing signed or encrypted and then 
signed messages sent Sxm a mobile device. Similar to the message pre-processing 
embodiments described above, a mobile device and host system operating with a wireless 
coimector system can be configured sucih tbat the host system post-processes messages sent 
from the mobile device. 

In Fig. 15, the method begins at step 1500 when a user composes a message on a 
mobile device. When the mobile device is enabled for secure communications, the user may 
select at step 1505 additional message security features, including in the «ample of Kg. 15 
"signed last", i.e. encrypted and then signed, or "signed only*' message security. This type of 
message security could be provided for example by using SMSME or some other possibly 
proprietary secure messaging scheme. 

A test is then performed at step 1510 to determine if the user has selected to encrypt 

the message before signing. When the message is to be encrypted before signing, a session 

key is generated at step 1515, the message is encrypted usmg the session key at step 1520, 

and the session key is then encrypted at step 1525 using die public key of each intended 

42 



wo 02/101605 PCT/CA02/00889 

message receiver. These public keys are preferably stored in a memory on the mobile device, 
but may instead be requested from an external source such as a PKS or like system if 
required 

When the message has been encrypted, or the message is not to be encrypted, the 
method continues at step 1530, and the message, as well as the encrypted versions of the 
session key if the message was encrypted, is passed to a digest function and the user's private 
key is used to generate a digital signature, at step 1530. Instead of attaching signature-related 
infonnation such as the sender's Cert, Cert chain and any CRLs to the message at the mobile 
device for transfix to the wireless connector system at the host system over the air» the mobile 
device preferably includes in the message sent to the host system a signature-related 
information indication which is processed by the wireless connector system to determine 
what if any signature-related information should be attached to the message. This allows a 
mobile device to send signed messages through a host system while avoiding the transfer of 
buU^ signature-related mformation via wireless conunimication links. Hierefote, at step 
1535, the mobile device sends to the host system the original message (now possibly 
encrypted), the digital signature, and the signature-related information indication, as well as 
one or rnore encrypted session keys if the message was encrypted All of this information 
may be encoded, compressed and encrypted using a wireless-friendly method before it is sent 
to the host system. 

Post-processing of such a message at a host system begins at step 1540. The wireless 

connector system operating at the host system extracts the signature-related information 

indication from the message and determines what signature-related information should be 

included with the message. The appropriate signature-related mformation identified in the 

extracted signature-related information indication, including for example the sender's Cert, as 

well as possibly chained Certs and CRLs, is attached to the message at step 1545. The 
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message, digital signature and attached signature-related information are then sent from the 
host system to all receivers, at step 1550, 

When a mobile device user composes a message and selects only message encryption 
or signing and then encryption, post processing of the resultant encrypted message may be 
performed at the host system if the wireless- connector system operating at the host system 
has access to the session key used to encrypt the message. Otherwise, &e host system is 
unable to decrypt such a message and therefore cannot perform post-processing operations on 
the message. In this case, a message composed on a mobile device, along with an attached 
digital signature and any required Certs and CRLs, will be encrypted on the mobile device 
using a session key, and the encrypted message and encrypted versions of the session key will 
be sent firom the niobile device to either the host system, for deUvery to addressed receivers, 
or direcdy to the addressed receivers. Any required Certs and CRLs must be attached to the 
message on the mobile device, and encryption of the entire message and the session key must 
be bandied on die device. 

• However, if die session key could be transferred to the host system, then some of the 
encryption and possibly other secure message processing operations could be performed by* 
the host system, as shown in Eg. 16, which is a flow chart of a method for post-processing 
encrypted or signed and then encrypted messages sent from a mobile device. For example, 
mstead of encrypting the session key usmg the public key of each addressed receiver, the 
session key could be encrypted with the public key associated with the host system or the 
mobile device user's desktop computer system at the host system location. Provided that the 
wireless coimector system has access to the corresponding private key of the host system or 
user, the. session key can then be decrypted at the host system. Similarly, if a wireless- 
friendly security scheme is implemented for communications between the mobile device and 

the wireless connector system operating at the host system, tiien the session key could be 
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encrypted by the mobUe device according to this scheme and then decrypted by the host 
system. This potentially allows the host system, instead of the mobile device, to perform 
several operations that must otherwise be performed by the mobile device. 

Referring now in detail to Fig, 16, a user composes a message on a mobile device at 
step 1600 and selects either encryption only or encryption after signing (encrypted last) 
message security at step 1605. At step 1610, it is determined whether or not the user selected 
to have the message signed and then encrypted. If so, then a digest and digital signature axe 
generated at step 1615, and signature-related information such as the user's Cert, Cert chain 
and any required CRLs are attached to the message at step 1620. When signing is complete, 
or if the message is to be encrypted without first being signed, the method proceeds at step 
1625, where the device generates a session key to be used in encrypting the message. The 
message, along with the attached digital signature and signature-related information if die 
message was signed, is then encrypted using the session key at step 1630. Then, at step 1635, 
the session key is encrypted using either a public tey associated with a private l^y available 
to the wireless connector system operating at the host system, a wireless-Mendly security 
method, or possibly both, and the encrypted message and encrypted session key are sent to 
the host system. Where a wireless friendly security scheme exists, it should be apparent that 
the encrypted message might be double-encrypted for transfer to the host system. Encoding, 
compression and message enveloping techniques may also be applied to the message and 
session key for transfer to the host system. 

When the message and encrypted Session key are received at the host system, any 

encoding, compression, encryption and enveloping that may be applied for data transfa: 

between the mobile device and the host system are reversed by the wireless connector 

system. Where the session key was further enciypted by the device, using a public key for 

example, it is then decrypted by the wkeless' connector system at step 1640 using the 
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coaesponding private key. The wireless connector system, using the decrypted session key, 
can then re-encrypt the session key using the public key of each addressed receiver, at step 
1645, and attach the encrypted session keys to the message before forwarding the message 
for delivery to the addressed receivers, as indicated at step 1650. Encryption of the session 
key for each receiver is thereby o£Eloaded fiom the mobile device to the host system. 

Although not shown in Fig. 16, this method can be extended to provide for more post- 
processing of an encrypted message at the host system. Since the wireless connector system 
at the host system has the session tey, the message itself may be decrypted. Therefore, the 
device need not necessarily attach signature-related u^ormation (its Cert, a Cert cbam or any 
CRLs) to the message before encryption. Instead, as described above in conjunction with 
Hg. 15, a signature-related information indication could be attached to the message. The 
wireless coimector system, using the session key, can decrypt the message, process the 
signature-related information indication and then attach any required signature-related 
informatioiL Once tins information is attaciied, die wireless connectcnr system can then le- 
encrypt die message using the session key and encrypt the session key foe each addressed 
receiver. According to this method, typically bulky signature-related information is added to 
the message by the host system, such that encryption of tiiis information by the device, as 
well as transfer of the information over the air, is avoided. 

If a strong wireless Mendly security scheme is in place between the mobile device 
and the host system, then the messajge and session key, as well as the digital signature and 
any signature-related information indication could be encrypted according to this security 
scheme and sent to the host system. The host system could then attach required signature- 
related information identified in the signature-related information indication to the message, 
encrypt the message, digital signature and signature-related information using the session key 

and then encrypt the session key for the addressed receivers. In this case, the session key 
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could possibly be generated by the host system instead of the mobile device, further reducing 
the amount of data sent from the mobile device. The? mobile device then need only use the 
wireless friendly security scheme to enable secure messaging via such techniques as S/MIME 
and PGP. Message post-processing moves die bulk of data processing operations from the 
mobile device to the more powerful host system. 

Where the host system also has access to die mobile device user's signature key, the 
post-processing concept can be even ftirther expanded to encompass signing of a secure 
message. A mobile device could then transfer to the host system a message, an indication 
that the message should be signed, a signature-related information indication if applicable, an 
mdication that the message should be encrypted, and either a session key or an indication that 
the host system should choose the session key. The host system can then handle all 
encryption and signature operations on behalf of the mobile device. 

Although these techniques reduce both the amount of. data that must be transferred 
from the mobile device and die complexity of device-based processmg operations required 
for secure messaging, encryption at the host system usmg the ses^on key, as well as 
signature generation at the host system, assume either a secure transport between the mobile 
device and host system or that the host system has access to a users' private keys. 

Tommg now to Fig. 17, a block diagram of an exemplary wfreless communication 
device that could be used with the systems and methods described herein is shown. The 
mobile communication device 100 is preferably a two-way conununication device having 
voice and/or data communication capabilities. The device preferably has the capability to 
communicate with other computer systems on the Internet. Depending on the functionality 
provided by the device, the device may be referred to as a data messagmg device, a two-way 
pager, a cellular telephone with data messaging capabilities, a wireless Intemet appliance or a 
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data communication device (with or without telephony capabilities). As mentioned above, 
such devices are referred to generally herein simply as mobile devices. 

The dual-mode device 100 includes a transceiver 1711, a microprocessor 1738, a 
display 1722, Flash memory 1724, RAM 1726, auxiliary input/output (I/O) devices 1728, a 
serial port 1730, a keyboard 1732, a speaks: 1734, a microphone 1736, a short-range wireless 
conmmnications sub-system 1740, and may also include other device sub-systems 1742. The 
transceiver 1711 preferably includes transmit and receive antennas 1716, 1718, a receiver 
(Rx) 1712, a transmitter (Tx) 1714, one or more local oscillatOTS (LOs) 1713, and a digital 
signal processor (DSP) 1720. Within tbe Flash memory 1724, the device 100 preferably 
includes a plurality of software modules 1724A-1724N that can be executed by the 
microprocessor 1738 (and/or the DSP 1720X including a voice communication module 
1724A, a data communication module 1724B, and a plurality of other operational modules 
1724N for carrying out a plurality of other functions. 

The mobile communication device 100 is preferably a two-way communication 
device having voice and data communication capabilities. Thus, for example, die device may 
conununicate over a voice network, such as any of the analog or digital cellular networks, 
and may also conununicate over a data network. The voice and data networks are depicted in 
Fig. 17 by the communication tower 1719. These voice and data networks may be separate 
communication networks using separate infirastracture, such as base stations, network 
controllers, etc., or diey may be integrated into a single wireless network. References to the 
network 1719 should therefore be interpreted as encompassing both a single voice and data 
network or separate networks. 

The communication subsystem 1711 is used to communicate witii flie network 1719. 

The DSP 1720 is used to send and receive communication signals to and from the transmitter 

1714 and receiver 1712, and may also exchange control information with tfie transmitter 1714 
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and receiver 1712. If the voice and data communications occur at a single frequency, or 
closely-spaced set of frequencies, then a single LO 1713 may be used in conjunction with the 
transmitter 1714 and receiver 1712. Alternatively, if different frequencies are utilized for 
voice communications versus data communications, then a plurality of LOs 1713 can be used 
to generate a plurality of frequencies corresponding to the network 1719. Although two 
antennas 1716, 1718 are depicted in Fig. 17, the mobile device 100 could be used with a 
single antenna structure. Infi)rmation, which includes both voice and data information, is 
communicated to and from flie communication module 171 1 via a link between tibe DSP 1720 
and die microprocessor 1738, 

The detailed design of the communication subsystem 1711, such as frequency band, 
component selection, power level, etc., will be dependent upon die communication network 
1719 in which die device 100 is intended to operate. For example, a device 100 intended to 
operate in a North American market may include a conmiunication subsystem 1711 designed 
to operate with ttie Mobitex or DataTAC mobile data communication networics and also 
designed to operated widi any of a variety of voice communication networks, such as AMPS, 
TDMA, CDMA, PCS, etc., whereas a device 100 intended for use in Europe may be 
configured to operate wifli die GPRS data communication network and tiie GSM voice 
communication network. Odier types of data and voice networks, botii separate and 
integrated, may also be utilized with die mobile device 100. 

Depending upon the type of network 1719, die access requirements for die dual-mode 

mobile device 100 may also vary. For example, in die Mobitex and DataTAC data networks, 

mobile devices are registered on die network using a unique identification number associated 

widi each device. In GPRS data networks, however, network access is associated widi a 

subscriber or user of a device 100. A GPRS device typically requires a subscriber identity 

module ("SIM"), which is required in order to operate the device 100 on a GPRS network. 
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Local or non-network communication functions (if any) may be operable, without the SIM, 
but the device 100 will be unable to cany out any functions involving communications over 
the network 1719, other than any legally required operations, such as '9ir emergency 
calling. 

After any required network registration or activation procedures have been completed, 
the dual-mode device 100 may send and receive communication signals, preferably including 
both voice and data signals, over the network 1719. Signals received by the antenna 1716 
from the communication network 1719 are routed to flie receiver 1712, which provides for 
signal amplificadon, frequency down conversion, filtermg, channel selection, etc., and may 
also provide analog to digital conversion. Analog to digital conversion of the received signal 
allows more complex conmiunication functions, such as digital demodulation and decoding 
to be performed using the DSP 1720. In a similar manner, signals to be transmitted to the 
network 1719 are processed, including modulation and encodmg, for example, by the DSP 
1720 and are then provided to ttie transfsdtte^ 1714 fcx cfi^tal to analog conversion, frequency 
up conversion, filtermg, amplification and transmission to the conmotunication network 1719 
via the antenna 1718, Although a single transceiver 1711 is shown in Fig. 17 for both voice 
and data communications, it is possible that the device 100 may include two distinct 
transceivers, a first transceiver for transmitting and receiving voice signals, and a second 
transceiv^ for transmitting and receiving data signals. 

In addition to processing the communication signals, the DSP 1720 may also provide 
for receiver and transmittCT control For example, the gain levels applied to communication 
signals in the receiver 1712 and transmitter 1714 may be adaptively controlled through 
automatic gain control algorithms hnplemented in the DSP 1720. Other transceiver control 
algorithms could also be hnplemented in the DSP 1720 in order to provide more sophisticated 
control of the transceiver 17 1 1 . 
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The microprocessor 1738 preferably manages and controls the overall operation of the 
dual-mode mobile device 100. Many types of microprocessors or microcontrollers could be 
used here, or, alternatively, a single DSP 1720 could be used to carry out the functions of the 
microprocessor 1738. Low-level communication functions, including at least data and voice 
communications, axe performed through the DSP 1720 in the transceiver 1711. Other, high- 
level communication applications, such as a voice communication application 1724A, and a 
data communication application 1724B may be stored in the Flash memory 1724 for 
execution by the microprocessor 1738. For example, the voice conamunication module 
1724A may provide a hig^-level user interface operable to transmit and receive voice calls 
between the dual-mode mobile device 100 and a plurali^ of other voice devices via the 
netwotk 1719. Similarly, the data conununication module 1724B may provide a high-level 
user interface operable for senduig and receiving data, such as e-mail messages, files, 
organizer information, short text messages, etc., between the dual-mode mobile device 100 
and a plurality of other data devices via the netwotk 1719* On the device 100, a secure 
messa^g software application may operate in conjunction with the data communication 
module 1724B in order to unplement the secure messaging techniques described above. 

Hie microprocessor 1738 also interacts with other device subsystems, such as the 

display 1722, Flash memory 1724, random access memory (RAM) 1726, auxiliary 

input/output (I/O) subsystems 1728, serial port 1730, keyboard 1732, speaker 1734, 

microphone 1736, a short-range communications subsystem 1740 and any other device 

subsystems generally designated as 1742. For example, the modules 1724A-N are executed 

by the microprocessor 1738 and may provide a high-level interface between a user of the 

mobile device and the mobile device. This interface typically includes a graphical 

component provided through the display 1722, and an input/output component provided 

through the auxiUary VO 1728, keyboard.1732, speaker 1734, or microphone 1736. 
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Some of the subsystems shown in Fig. 17 perfonn communication-related functions, 
whereas other subsystems may provide •'resident" or on-device functions. Notably, some 
subsystems, such as keyboard 1732 and display 1722 may be used for both communication, 
related functions, such as entering a text message for transmission over a data communication 
network, and device-resident functions such as a calculator or task list or oflier PDA type 
functions. 

Operating system software used by the microprcxjessor 1738 is preferably stored in a 
persistent store such as Hash memory 1724. In addition to the operating system and 
communication modules 1724A-N, the Hash memory 1724 may also include a file system for 
storing data. A storage area is also preferably provided m tiie Hash memory 1724 to store 
public keys, a private key, and otiier information required for secure messaging, the 
ojperating system, specific device applications or modules, or parts thereof, may be 
temporarily loaded into a volatile store, such as RAM 1726 for faster operation. Moreover, 
received communication signals may also be temporarily stored to RAM 1726, before 
permanently writing fliem to a file system located in die persistent store 1724. 

An exemplary application module 1724N that may be loaded onto die dual-mode 
device 100 is a personal information manager (PIM) application providing PDA 
functionality, such as calendar events, appomtments, and task items. This module 1724N may 
also interact witii flie voice communication module 1724A for managing phone calls, voice 
mails, etc., and may also interact witii the data communication module 1724B for managing 
e-mail conmiunications and odier data transmissions. Alternatively, all of the functionality of 
tiie voice conmiunication module 1724A and the data communication module 1724B may be 
integrated into flie PIM module. 

The Hash memory 1724 preferably provides a file system to facilitate storage of PIM 

data items on die device. The PIM application preferably includes the ability to send and 
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* receive data items, either by Itself, or in conjunction with the voice and data communication 
modules 1724A, 1724B, via the wireless network 1719. The PM data items are preferably 
seamlessly integrated, synchronized and updated, via the wireless network 1719, with a 
corresponding set of data items stored or associated with a host computer system, thereby 
creatiag a mirrored system for data items associated with a particul^ user. 

The mobile device 100 may also be manually synchronized witti a host system by 
placing the device 100 in an mteiface cradle, which couples the serial port 1730 of the mobile 
device 100 to the serial port of the host systent The serial port 1730 may also be used to 
enable a user to set preferences flirou^ an external device or software application, to 
download other application modules 1724N for mstallation, and to load Certs, keys and other 
information onto a device as described above, this wired download path may be used to load 
an encryption key onto the device, which is a more secure method than exchanging 
encryption information via the wireless network 1719. 

Addition^ application modules 1724N may be loaded onto Bie dual-mode device 100 

through the networic 1719, through an auxiliary I/O subsystem 1728, through the serial port 

1730, through the short-range communications subsystem 1740, or through any other suitable 

subsystem 1742, and installed by a user in the Flash memory 1724 or RAM 1726. Such 

flexibility in application installation increases the functionality of the device 100 and may 

provide enhanced on-device functions, communication-related functions, or both. For 

example, secure conmiunication applications may enable electronic commerce functions and 

other such financial transactions to be performed using the device 100. 

When the dual-mode device 100 is operating in a data communication mode, a 

received signal, such as a text message or a web page download, will be processed by the 

transceiver 1711 and provided to tiie microprocessor 1738, which will preferably further 

process the received signal for output to the display 1722, or, alternatively, to an auxiliary I/O 

53 



wo 02/101605 PCT/CA02/00889 

device 1728. A user of dual-mode device 100 may also compose data items, such as email 
messages, using the keyboard 1732, which is preferably a complete alphanumeric keyboard 
laid out in the QWERTY style, although other styles of complete alphanumeric keyboards 
such as the known DVORAK style may also be used. User input to the device 100 is further 
enhanced with a plurality of anxiliaiy I/O devices 1728, which may inchide.a thumbwheel 
input 'device, a touchpad» a variety of switches, a rocker input switch, etc. The composed 
data items input by the user may then be transmitted over the communication network 1719 
via die transceiver 171 1. Secure messages received by and to be transmitted from the mobile 
device 100 are processed by die data communication module 1724B or an associated secure 
messaging software application according to the techniques described above. 

When the dual-mode device 100 is operating in a voice communication mode, the 
overall operation of the device 100 is substantially similar to the data mode, except that 
received signals are preferably output to the speaker 1734 and voice signals for transmission 
are generated by a micro^one 1736. In addition, die secure messaging tedmiques described 
above might not necessarily be applied to voice communications. Alternative voice or audio 
I/O subsystems, such as a voice message recording subsystem, may also be unplemented on 
the device 100. Although voice or audio signal output is preferably accomplished primarily 
dirough die speaker 1734, the display 1722 may also be used to provide an indication of die 
idendty of a calling party, the duradon of a voice call, or other voice call related infomudon. 
For example, the microprocessor 1738, in conjunction with the voice communication module 
1724A and the operating system software, may detect the caller identification information of 
an incoming voice call and display it on the display 1722. 

A short-range communications subsystem 1740 may also be included in the dual- 
mode device 100. For example, the subsystem 1740 may include an infrared device and 

associated circuits and components, or a short-range wireless communication module, such as 
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a "Bluetooth" module or an 802.11 module according to the Bluetooth or 802.11 
specifications, respectively, to provide for communication with similarly-enabled systems 
and devices. It will be apparent to those skilled in the art that "Bluetooth" and 802.1 1 refer to 
sets of specifications, available ftom the Institute of Electrical and Electronics Engineers 
(IEEE), relating to wireless LANs and wireless personal area networks, respectively. 

Having described in detail the preferred embodiments of the system, including the 
preferred methods of operation, it is to be understood tiiat tiiis operation could be carried out 
with difGerent elements and steps. This preferred embodiment is presented only by way of 
example and is not meant to Iknit tiie scope of the present invention. For example, Figs. 18 
and 19 illustrate pre-processing and. post-processing of messages involving wireless mobile 
conununications devices. 

Fig. 18 depicts a pre-processing example wherem a host system 1806 receives a 
message 1804 from a message sender 1802 addressed to one or more message receivers. A 
wireless connector system 1810 generates a message 1812 for a mobile device 1814 tiiat 
corresponds to a message receiver. The wireless connector system 1810 performs 
auflientication and/or enciyption message processing 1808 upon tiie sender's message 1804. 
Many ^^pes of processing may be performed, such as reducing the size of a sender's 
encrypted inessage by excluding some or all session keys not needed by a message receiver 
corresponding mobile device. Through protessing 1808, the message 1812 transmitted to the 
mobile device 1814 is a modification of the sender's message 1804 wifli respect to 
auflientication and/or encryption aspect(s). The mobile device 1814 contains memory for 
storing such pre-processed messages, such as volatile or non-volatile RAM (random access 
memory). 

The sender's message 1804 is similarly processed if other mobile devices are 

identified by flie wireless connector system 1810 to correspond to tiie recipients fliat should 
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receive the sender's message 1804. In this way, messages (e.g., 1816) modified with respect 
to authentication and/or encryption aspect(s) (e.g., encoding aspects) are sent to other mobile 
devices (e.g., 1818). 

It should be understood that such a system may be varied in many ways, such as 
allowing the processing 1 808 to be peifotmed by the host system 1806, or havmg the wireless 
connector system 1810 operate within the host system 1 806 or operate on a different platform, 
from the host system 1806. As a further example of the wide scope of the system's 
variations, the wirdess connector system 1810 may use techniques odier than redirection 
operations to transmit messages to mobile devices (e.g., 1814 and 1818). 

Kg* 19 depicts a post-processing example wherein a wireless connector system 1906 
receives a message 1904 addressed to one or more message receivers (e.g., 1914 and 1918) 
from a wireless mobile communication device 1902. Authentication and/or encryption 
message processing 1908 is performed upon the message 1904. Many types of processing 
may be peiformed,,such as: removing signatdre-related information indication &dm a device^s 
signed message and attaching signature^related information identified in the signature-related 
information indication to the signed message. The processed message 1912 may then be sent 
through tiie host system 1910 to one or more receivers (e.g., 1914 and 1918). 

Such pre-processing and post-processing systems as described herein address many 

issues, such as the difficulty fliat current systenis do not attempt to deliver entire S/MIME 

messages to a mobile device, due primarily to bandwidth and battery limitations associated 

witii mobile devices. One difficulty is tiiat S/MIME messages are usually too large to send 

effectively to a mobile device over a wireless communication network. If an entire S/MIME 

message is sent, either to or from a mobile device, it could use excessive amounts of memory 

and battery power just for a single message. Considering the time necessary for reception or 

transmission by a mobile device, the memory required for storage and the battery power 
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required to handle the message exchange, a product that tried to support straight S/MIME 
would have undesirable qualities to the average business user. Another exemplary issue is 
that fliere are no cunentiy available public key servers accessible to wireless networks and 
mobile devices. As a result, the use of public key cryptographic operations is very difficult 
and requires heavy caching operations at the mobile device to eliminate Public Key 
Infrastructure (PKT) requirements. In the area of exchanging secure e-mail messages, there 
are additional problems that include (1) the inability for mobile devices to retrieve public 
encryption keys from PKIs to encrypt messages being sent from the mobile device, (2) the 
inability to retrieve public keys on received messages that are signed, (3) the inability to deal 
with very large CRLs on small devices, and (4) the time delay on mobile devices with slower 
processors to perform complex mathematical calculations involved with public key 
encryption algorithms. These problems and others result in a poor and frustrating user 
experience when trying to exchange S/MIME-based e-mail messages using mobile devices. 

The pre-processing and post-processing system and method desciil)ed herein process 
secure e-mail messages so that such messages, including for example S/MIMB messages, can 
be exchanged with mobile devices. The system and method also leverages the processor 
power of a host system associated with a mobile device to enable a better user experience 
when exchanging S/MJME messages with mobile devices. 

Still further examples of the wide scope of the system and method disclosed hmin 

are illustrated in FIGS. 20-22. FIGS. 20-22 describe additional uses of the system and 

method within different exemplary communication systems. Fig. 20 is a block diagram 

showing an example conununication system. In Fig. 20, there is shown a computer system 

2002, a WAN 2004, corporate LAN 2006 behind a security firewall 2008, wireless 

infrastructure 2010, wireless networks 2012 and 2014, and wireless mobile communication 

devices ("mobile devices") 2016 and 2018. The corporate LAN 2006 includes a message 
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server 2020, a wireless connector system 2028, a data store 2017 including at least a plurality 

of mailboxes 2019, a desktop computer system 2022 having a communication link directly to 

a mobile device such as through physical connection 2024 to an interface or connector 2026, 

and a wireless Virtual Private Network (VPN) router 2032, Operation of the system in Fig. 

20 will be described below with reference to the messages 2033, 2034 and 2036. 

The computer system 2002 may, for example, be a laptop, desktop or palmtop 
compute system configured for connection to the WAN 2004. Such a computer system may 
connect to the WAN 2004 via an ISP or ASP. ' Alternatively, the computer system 2002 may 
be a network-connected computer system that, Uke the computer system 2022 for example, 
accesses the WAN 2004 through a LAN or other network. Many modOTi mobile devices are 
enabled for connection to a WAN through various infrastmcture and gateway arrangements, 
50 that the computer system 2002 may also be a mobile device. 

Hie corporate LAN 2006 is an illustrative example of a central, server-based 

messaging system that has been enabled for wireless conununications. The corporate LAN 

2006 may be referred to as a "host system", in that it hosts both a data store 2017 with 

mailboxes 2019 for messages, as well as possibly further data stores (not shown) for other 

data items, that may be sent to or received from mobile devices 2016 and 2018, and the 

whrdess connector system 2028, the wireless VPN router 2032, or possibly other components 

enabling communications between the corporate LAN 2006 and one or more mobile devices 

2016 and 2018. In more general terms, a host system may be one or more computers at, with 

or in association with which a wkeless connector system is operating, as described above. 

The corporate LAN 2006 is one preferred embodiment of a host system, in which the host 

system is a server computer running within a corporate networic envhronment operating 

behind and protected by at least one security communications firewall 2008. Other possible 

central host systems include ISP, ASP and other service provider or mail systems. Although 
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the desktop computer system 2024 and interface/comiector 2026 may be located outside such 
host systems, wireless communication operations may be simUar to those described below. 

The corporate LAN 2006 implements the wireless connector system 2028 as an 
associated wireless communications enabling component, which will normally be a software 
program, a software appUcation, or a software component built to work with at least one or 
more message server. The wireless connector system 2028 is used to send user-selected 
information to, and to receive infonnadon ftwn, one or more mobile devices 2016 and 2018, 
via one or more wireless netwoAs 2012 and 2014. The wireless connector system 2028 may 
be a separate component of a messaging system, as shown in Fig. 20, or may instead be 
. partiaUy or entirely incorporated into other communication system components. Fbr ■ 
.example, the message servex 2020 may incorporate a software program, application, or 
component implementing the wireless connector system 2028, portions thereof, or some or all 
of its functionality. 

The messa^ server 2020, running on a computer beWrid die firewall 2008, acts as the 
main interface for the corporation to exchange messages, including for example email, 
calendaring data, voice maU, electronic documents, and odier personal information 
management (PIM) data with the WAN 2004, which will typically be the Internet The 
particular intermediate operations and computers will be dependent upon the specific type of 
message deUvery mechanisms and networks via which messages are exchanged, and 
therefore have not been shown in Kg. 20. The functionanty of the message s«ver 2020 may 
extend beyond message sending and receiving, providing such features as dynamic database 
storage for data like calendars, todo lists, task lists, e-mail and documentation. 

Message servers such as 2020 normally maintain a plurality of mailboxes 2019 in one 

or more data stores such as 2017 for each user having an account on the server. The data 

store 2017 includes mailboxes 2019 for a number of ("n") user accounts. Messages received 
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by the message server 2020 that identify a user, a user account, a mailbox, or possibly 

another address associated with a user, account or mailbox 2019 as a message recipient will 

typically be stored in the corresponding mailbox 2019. If a message is addressed to multiple 

recipients or a distribution list, then copies of the same message may be stored to more than 

one mailbox 2019. Alternatively, the message server 2020 may store a single copy of such a 

message in a data store accessible to all of the users having an account on the message server, 

and store a pointer or other identifier in each recipient's mailbox 2019. In typical messaging 

systems, each user may (hen access his or h^ mailbox 2019 and its contents using a 

messagmg client such as Microsoft Outlook or Lotus Notes, which normally operates on a 

PC, ^uch as the desktop computer system 2022, connected in the LAN 2006. Although only 

one desktop computer system 2022 is shown in Fig. 20, those skilled in the art will appreciate 

that a LAN will typically contain many desktop, notebook and laptop computer systems. 

Each messaging client normally accesses a mailbox 2019 through the message server 2020, 

although in some systems, a messagmg client may enable direct access to the data store 2017 

and a mailbox 2019. stored thereon by &e desktop computer system 2022. Messages may • 

also be downloaded from the data store 2017 to a local data store (not shown) on the desktop 

computer system 2022. 

Within flie corporate LAN 2006, the wireless connector system 2028 operates in 

conjunction with the message server 2020. The wireless connector system 2028 may reside 

on die same computer system as the message server 2020, or may mstead be implemented on 

a different computer system. Software implementing the wkeless connector system 2028 

may also be partially or entirely integrated with the message server 2020. The wireless 

connector system 2028 and the message server 2020 are preferably designed to cooperate and 

interact to allow the pushing of mformation to mobile devices 2016, 2018. In such an 

mstallation, the wireless connector system 2028 is preferably configured to send information 
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that is Stored in one or more data stores associated with the corporate jLAN 2006 to one or 
more mobile devices 2016, 2018, through the corporate firewall 2008 and via die WAN 2004 
and one of the wireless networks 2012, 2014. For example, a user that has an account and 
associated mailbox 2019 in the data store 2017 may also have a mobile device, such as 2016. 
As described above, messages received by the message server 2020 that identify a user, 
account or mailbox 2019 are stored to a corresponding mailbox 2019 by the message server 
2020. If a user has a mobile device, such as 2016, messages received by the message server 
2020 and stored to the user's mailbox 2019 are preferably detected by the wireless connector 
system 2028 and sent to the user's mobile device 2016. This type of functionality represents 
a ''push" message sending technique. The i^less connector system 2028 may instead 
employ a "pull" technique, in which items stored in a mailbox 2019 are sent to a mobile 
device 2016, 2018 responsive to a request or access operation made using the mobile device, 
or some combination of both techniques. 

The use of a wireless connector 2028 thereby enables a messaging system mcluding a 
message server 2020 to be extended so that each user's mobile device 2016, 2018 has access 
to stored messages of the message server 2020. 

As shown ha Hg. 20, and similar to the system of Fig. 1, there are several paths for 
exchanging information with a mobile device 2016, 2018 from the corporate LAN 2006, One 
possible infomiation transfer path is through the physical connection 2024 such as a serial 
port, usmg an interface or connector 2026. Hiis path may be useful for example for transfer 
of bulky PIM and signature-related information, data synchronizadon, and private encryption 
or signature key transfers, as described above. In known "synchronization" type wireless 
messaging systems, a physical path has also been used to transfer messages from mailboxes 
2019 associated with a message server 2020 to mobile devices 2016 and 2018. 
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Another method for data exchange with a mobUe device 2016, 2018 is over-the-air, 
through the wireless connector system 2028 and using wireless networks 2012, 2014. As 
shown in Fig. 20, thds could involve a Wireless VPN router 2032 or a traditional WAN 
connection to wireless infrastructure 2010 that provides an interface to one or more wireless 
networks 2012, 2014. The Wireless VPN router 2032 provides for creation of a VPN 
connection directly through a specific wireless network 2012 to a wireless device 2016. A 
primary advantage of using a wireless VPN router 2032 is that it could be an off-the-shelf 
VPN component which would not require wireless infrastructure 2010. A VIW connection 
may use a Transmission Control Protocol over BP (TCP/IP) or User Datagram Protocol over 
IP (UDP/IP) connection to deliver messages directly to and from a mobile device 2016. 

If a wireless VPN router 2032 is. not available, then a link to a WAN 2004, normally 
the Internet, is a commonly used connection mechanism that may be employed by the 
wireless connector system 2028. To handle the addressing of the mobile device 2016 and any 
other requked interface functions, wireless infrastructure 2010 is preferably used. 

In some implementations, more than one over-the-air information exchange 
mechanism may be provided in the corporate LAN 2006. In the exemplary communication 
system of Fig. 20 for example, mobile devices 2016, 2018 associated with users having 
mailboxes 2019 associated with user accounts on the message server 2(^0 are configured to 
operate on different wireless networks 2012 and 2014. If the wireless network 2012 supports 
IPv6 addressing, then the wireless VPN router 2032 may be used by the wireless connector 
system 2028 to exchange data with any mobile device 2016 operating within tiie wireless 
network 2012. The wireless network 2014 may be a different type of wireless network, 
however, such as the Mobitex network, in which case information may instead be exchanged 
with a mobile device 2018 operating within tiie wireless network 2014 by the wireless 
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connector system 2028 via a connection to the WAN 2004 and the wireless infrastructure 

2010. 

Operation of the system in Hg. 20 is similar to that of Fig. 1, described above. An e- 
mail message 2033 sent from the computer system 2002 and addressed to at least one 
recipient having both an account and mailbox 2019 or like data store associated with the 
message server 2020 and a mobile device 2016 or 2018. However, the e-mail message 2033 
is intended for illustrative puiposes only. The exchange of other ^es of information 
between the corporate LAN 2006 is preferably also enabled by the wireless connector system 
2028. 

Tlie e-mail message 2033, sent from the computer system 2002 via the WAN 2004, 
may be folly in the clear, or signed with a digital signature and/or encrypted, depending upon 
the particular messaging scheme used. For example, if the computer system 2002 is enabled 
for secure messaging using S/MIMB, then the e-mail message 2033 may be signed, 
encrypted, or both. 

The e-mail message 2033 arrives at the message server 2020, which determines into 
which mailboxes 2019 the e-mail message 2033 should be stored. As described above, a 
message such as the e-mail message 2033 may include a user name, a user account, a mailbox 
identifier, or other type of identifier that may be mapped to a particular account or associated 
mailbox 2019 by the message server 2020. For an e-mail message 2033, recipients are 
typically identified using e-mail addresses corresponding to a user account and thus a 
mailbox 2019. 

The wireless connector system 2028 sends or minors, via a wkeless network 2012 or 

2014, certain user-selected data items or parts of data items from the corporate LAN 2006 to 

the user*s mobile device 2016 or 2018, preferably upon detecting that one or more triggering 

events has occurred. A triggering event includes, but is not limited to, one or more of the 
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following: screen saver activation at a user's networked computer system 2022, 
disconnection of the user's mobile device 2016 or 2018 from the interface 2026, or receipt of 
a command sent from a mobile device 2016 or 2018 to the host system to start sending one or 
more messa'ges stored at the host system. Thus, the wireless connector system 2028 may 
detect triggering events associated with ±e message server 2020, such as receipt of a 
command, of with one or more networked computer systems 2022, includmg the screen saver 
and disconnection events described above. When wireless access to corporate data for a 
mobile device 2016 or 2018 has been activated at the LAN 2006, for example when the 
wireless connector system 2028 detects the occurrence of a triggering event for a mobile 
device user, data items selected by the user are preferably sent to the user's mobile device, lii 
the example of the e-mail message 2033, assummg that a triggering event has been detected, 
the arrival of the message 2033 at the message server 2020 is detected by the wireless 
connector system 2028. This may be acconiplished, for example, by monitoring or querying 
mailboxes 2019 associated with the message server 2020, or, if die message server 2020 is a 
Microsoft Exchange server, then the wireless connector system 2028 may register for advise 
syncs provided by the Microsoft Messaging Application. Programming Interface (MAPI) to 
thereby receive notifications when a new message is stored to a mailbox 2019. 

When a data item such as the e-mail message 2033 is to be sent to a mobile device 
2016 or 2018, the wireless connector system 2028 preferably repackages the data item, as 
indicated at 2034 and 2036. Repackaging techniques may be similar for any available 
transfer paths or may be dependent upon the particular transfer path, either the wireless 
infrastructure 2010 or the wireless VPN router 2032. For example, the e-mail message 2033 
is preferably compressed and encrypted, either before or after being repackaged at 2034, to 
thereby effectively provide for secure transfer to the mobile device* 2018. Compression 

reduces the bandwidth required to send the message, whereas encryption ensures 
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confidentiality of any messages or other information sent to mobile devices 2016 and 2018. 
In contrast, messages transferred via a VPN router 2032 noight only be compressed and not 
encrypted, since a VPN connection established by the VPN router 2032 is inherently secure. 
Messages are thereby securely sent, via either encryption at the wireless connector system 
2028, which may be considered a non-standard VPN tunnel or a VPN-like connection for 
example, or the VPN router 2032, to mobile devices 2016 and 2018. Accessing messages 
udng a mobile device 2016 or 2018 is thus no less secure than accessing mailboxes at the 
LAN 2006 using the desktop computer system 2022. 

When a repackaged message 2034 or 2036 arrives at a mobile device 2016 or 2018, 
via the wireless infirastructure 2010, or via the wireless VPN router 2032, the mobile device 
2016 or 2018 removes the outer electronic envelope from the repackaged message 2034 or 
2036, and performs any required decompression and decryption operations. Messages sent 
from a mobile device 2016 or 2018 and addressed to one or more recipients arc preferably 
similarly repackaged, and possibly compressed and encrypted, and sent to a host system such 
as the LAN 2006. The host system may then remove the electronic envelope from the 
repackaged message, decrypt and decompress the message if desired, and route the message 
to the addressed recipients. 

Fig. 21 is a block diagram of an altemative exemplary communication system, in 
which wireless communications are enabled by a component associated with an operator of a 
wireless network. As shown m Fig. 21, the system includes a computer system 2002, WAN 
2004, a corporate LAN 2007 located behind a security firewall 2008. network operator 
infrastructure 2040, a wireless network 2011, and mobile devices 2013 and 2015. The 
computer system 2002, WAN 2004, security firewall 2008, message server 2020, data store 
2017, mailboxes 2019, and VPN router 2035 arc substantially the same as the similarly- 
labelled components in Fig. 20. However, since the VPN router 2035 communicates with the 
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network operator infrastructure 2040^ it need not necessarily be a wireless VPN router in the 
system of Fig. 21. The network operator infrastructure 2040 enables wireless information 
exchange between the LAN 2007 and mobile devices 2013, 2015, respectively associated 
with the computer systems 2042 and 2052 and configured to operate within the wireless 
network 2011. In the LAN 2007, a plurality of desktop computer systems 2042, 2052 are 
shown, each having a physical connection 2046, 2056 to an interface or connector 2048, 
2058, A wireless connector systeni 2044, 2054 is operatmg on or in conjunction with each 
computer system 2042, 2052. 

The wireless connector systems 2044, 2054 are similar to the wireless connector 
system 2028 described above, in that it enables data items* such as e-mail messages and other 
items that are stored in mailboxes 2019, and possibly data items stored in a local or netwoik 
data store, to be sent from the LAN 2007 to one or more mobile devices 2013, 2015. In Kg. 
21 however, the network operator infrastructure 2040 provides an interface between the 
mobile devices 2013, 2015 and the LAN 2007. As above, operation of the system shown m 
Fig. 21 will be described below in the context of an e-mail message as an illustrative example 
of a data item that may be sent to a mobile device 2013, 2015. 

When an e-mail message 2033, addressed to one or more recipients having an account 
on the message server 2020, is received by the message server 2020, the message, or possibly 
a pointer to a single copy of the message stored in a central mailbox or data store, is stored 
into the mailbox 2019 of each such recipient. Once the e-mail message 2033 or pointer has 
been stored to a mailbox 2019, it may preferably be accessed using a mobile device 2013 or 
2015. In the example shown in Kg. 21, the e-mail message 2033 has been addressed to the 
mailboxes 2019 associated with both desktop computer systems 2042 and 2052 and thus both 
mobile devices 2013 and 2015. 
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As those skilled in the art will appreciate, communication network protocols 
commonly used in wired networks such as die LAN 2007 and/or flie WAN 2004 are not 
suitable or compatible with wireless network communication protocols used within wireless 
networks such as 2011. For example, communication bandwidth, protocol overhead and 
network latency, which are primary concerns in wireless network communications, are less 
significant in wired networks, which ^ically have much higher capacity and speed than 
wireless networks. Therefore, mobile devices 2013 and 2015 cannot normally access the data 
store 2017 directly. The network operator mfrastructure 2040 provides a bridge between the 
wireless network 201 1 and the 1-AN 2007. 

The network operator infrastructure 2040 enables a mobile device 2013« 2015 to 
establish a connection to the LAN 2007 through tiie WAN 2004, and may,- for example, be 
operated by an operator of the wireless network 2011 or a service provider tiiat provides 
wireless communication service for mobile devices 2013 and 2015. In a pull-based system, a 
mobile device 2013, 2015 may establish a conmiunication session with tiie network operator 
infrastructure 2040 using a wireless network compatible communication scheme, preferably a 
secure scheme such as Wireless Transport Layer Security (WTLS) when information should 
remain confidential, and a wireless web browser such as a Wireless Application Protocol 
(WAP) browser. A user may then request (tiirough manual selection or pre-selected defaults 
in the software residing in the mobile device) any or all information, or just new information 
for example, stored in a mailbox 2019 in the data store 2017 at tiie LAN 2007. The network 
operator infrastructure 2040 then establishes a coimection or session with a wireless 
connector system 2044, 2054. using Secure Hypertext Transfer Protocol (HTTPS) for 
example, if no session has ahready been established. As above, a session between the 
network operator infrastructure 2040 and a wkeless connector system 2044, 2054 may be 

made via a typical WAN connection or tiirough tiie VPN router 2035 if available. When time 
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delays between receiving a request fiom a mobile device 2013, 2015 and delivering requested 
information back to the device are to be minimized, the network operator infrastructure 2040 
and the wireless connector systems 2044, 2054 may be configured so that a communication 
connection remains open once established. 

In the system of Fig. 21, requests origuiating from mobile device A 2013 and B 2015 
would be sent to the wireless connector systems 2044 and 2054, respectively. Upon 
receiving a request for information from the network operator infrastructure 2040, a wireless 
connector system 2044, 2054 retrieves requested information from a data store. For the e- 
mail message 2033, the vmeless connector system 2044, 2054 retrieves the e-mail message 
2033 from the appropriate mailbox 2019, typically through a messaging client operating in 
conjunction with the computer system 2042, 2052, whic^ may access a mailbox 2019 either 
via the message server 2020 or directly. Alternatively, a wireless connector system 2044, 
2054 may be configured to access mailboxes 2019 itself, directly or through the message 
serv^ 2020. Also, other data stores, both network data stores sunilar to the data store 2017 
and local data stores associated with each computer system 2042, 2052, may be accessible to 
a wireless connector system 2044, 2054, and thus to a mobile device 2013, 2015. 

If the e-mail message 2033 is addressed to the message server accounts or mailboxes 
2019 associated with both computer systems 2042 and 2052 and devices 2013 and 2015, then 
the e-mail message 2033 may be sent to the network operator infrastructure 2040 as shown at 
2060 and 2062, which then sends a copy of the e-mail message to each mobile device 2013 
and 2015, as indicated at 2064 and 2066. Information may be transferred between tiie 
wkeless connector systems 2044, 2054 and the network operator infrastructure 2040 via 
either a connection to the WAN 2004 or the VPN router 2035. When the network operator 
infrastmcture 2040 communicates with the wireless connector systems 2044, 2054 and the 

mobile devices 2013, 2015 via different protocols, translation operations may be performed 
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by the network operator mfrastructure 2040. Repackaging techniques may also be used 

between the wireless connector systems 2044, 2054 and the network operator inlfrastructure 

2040, and between each mobile device 2013, 2015 and the network operator infrastructure 

2040. 

Messages or other information to be sent from a mobile device 2013, 2015 may be 
processed in a sinailar manner, with such information first being transferred firom a mobile 
device 2013, 2015 to the network operator infrastrucftire 2040: The netwodc operator 
infrastructure 2040 may then send the information to a wireless connector system 2044, 2054 
for storage in a mailbox 2019 and delivery to any addressed recipients by the message server 
2020 for example, or may alternatively deliver the information to the addressed recipients. 

. The above description of the system in Hg. 21 relates to puU-based operations. Hie 
wireless connector systems 2044, 2054 and the network operator infrastracture may instead 
be. configured to push data items to mobile devices 2013 and 2015. A combined push/pull 
system is also possible. For example, a notification of a new message or a list of data items 
currently stored in a data store at the LAN 2007 could be pushed to a mobile device 2013, 
2015, which may then be used to request messages or data items from the LAN 2007 via the 
network operator infirastructure 2040. 

If mobile devices associated with us^ accouiits on the LAN 2007 ^e configured to 
operate within different wireless networks, then each wireless network may have an 
associated wireless network infirastructure component similar to 2040. 

Although separate, dedicated wireless connector systems 2044, 2054 are shown for 

each computer system 2042, 2052 in the system of Fig. 21, one or more of the wireless 

coimector systems 2044, 2054 may preferably be configured to operate in conjunction with 

more than one computer system 2042, 2052, or to access a data store or mailbox 2019 

associated with more than one computer system. For example, the wireless connector system 
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2044 may be granted access to the mailboxes 2019 associated witb both the computer system 
2042 and the computer system 2052. Requests for data items from either mobile device A 
2013 or B 2015 may then be processed by the wireless connector system 2044, This 
configuration may be useful to enable wireless conmiunications between the LAN 2007 and 
flie mobile devices 2013 and 2015 without requiring a desktop computer system 2042, 2052 
to be running for each mobile device user, A wireless connector system may instead be 
implemented in conjunction with the message s^er 2020 to enable wireless 
conmiunications. 

' Fig. 22 is a block diagram of another alternative communication system. The system 
mcludes a computer system 2002, WAN 2004, a corporate LAN 2009 located behind a 
security firewall 2008, an access gateway 2080, data store 2082, wireless networks 2084 and 
2086, and mobile devices 2088 and 2090. In the LAN 2009, the computer system 2002, 
WAN. 2004, security firewall 2008, message server 2020, data store 2017, mailboxes 2019, 
desktop computer system 2022, physical connection 2024, interface or connector 2026 and 
VPN router 2035 are substantially the same as the corresponding components described 
above. The access gateway 2080 and data store 2082 provide mobile devices 2088 and 2090 
with access to data items stored at the LAN 2009. In Fig. 22, a wkeless connector system 
2078 operates on or in conjunction with the message server 2020, although a wireless 
coimector system may instead operate on or in conjunction with one or more desktop 
computer systems in the LAN 2009. 

The wireless connector system 2078 provides for transfer of data items stored at the 
LAN 2009 to one or more mobile devices 2088, 2090. These data items preferably include e- 
mail messages stored in mailboxes 2019 in the data store 2017, as well as possibly other 
items stored in the data store 2017 or another network data store or a local data store of a 
computer system such as 2022. 
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As described above, an e-mail message 2033 addressed to one or more recipients 

having an account on the message server 2020 and received by the message server 2020 may 

be stored into the mailbox 2019 of each such recipient. In the system of Fig. 22, the external 

data store 2082 preferably has a similar structure to, and remains synchronized with, the data 

store 2017. PIM information or data stored at data store 2082 preferably is independently 

modifiable to the PIM information or data stored at the host system. In this particular 

configuration, the independently modifiable information at the external data store 2082 may 

maintain synchronization of a plurality of data stores associated with a user (i.e., data on a 

mobile device, data on a personal computer at home, data at the coiporate LAN, etc.). This 

synchronization may be accomplished, for example, through updates sent to flie data store 

2082 by the wireless connector system 2078 at certain tune intervals, each tune an entry in 

the data store 2017 is added or changed, at certain times of day, or when initiated at the LAN 

2009, by. the message server 2020 or a computer system 2022, at the data store 2082, or 

possibly by a mobile device 2088, 2090 through the access gateway 2080. In the case of the 

e-mail message 2033 for example, an update sent to the data store 2082 some time after the e- 

mail message 2033 is received may indicate that the message 2033 has been stored in a 

certain mailbox 2019 in the store 2017, and a copy of the e-mail message will be stored to a 

corresponding storage area in the data store 2082. When the e-mail message 2033 has been 

stored in the mailboxes 2019 corresponding to the mobile devices 2088 and 2090 for 

example, one or more copies of the e-mail message, indicated at 2092 and 2094 m Fig. 22, 

will be sent to and stored in corresponding storage areas or mailboxes in the data store 2082. 

As shown, updates or copies of stored information in the data store 2017 may be sent to the 

data store 2082 via a connection to the WAN 2004 or the VPN router 2035. For example, the 

wireless connector system 2078 may post updates or stored information to a resource in the 

data store 2082 via an HTTP post request. Alternatively, a secure protocol such as HTTPS or 
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Secme Sockets Layer (SSL) may be used. Those skilled in the art ^ill appreciate that a 

single copy of a data item stored in more than one location in a data store at the LAN 2009 

may instead be sent to the data store 2082. This copy of the data iteni could then be stored 

either in more flian one coixesponding location in the data store 2082, or a single copy may be 

stored in the data store 2082, with a pointer or other identifi^ of the stored data item being 

stored in each coiresponding location in the data store 2082. 

Hie access gateway 2080 is effectively an access platform, in that it provides mobile 

devices 2088 and 2090 with access to the data store 2082. The data store 2082 may be 

configured as a resource accessible on the WAN 2004, and the access gateway 2080 may be 

an ISP system or WAP gateway through which mobile devices 2088 and 2090 may connect 

to the WAN 2004. A WAP toowser or other browser compatible with the wireless networks 

2084 and 2086 may then be used to access the data store 2082, which is synchronized with 

the data store 2017, and download stored data items either automatically or responsive to a 

request froni a mobile device 2088, 2090. As shown at 2096 and 2098, copied of the e-mail 

message 2033, which was stored in the data store 2017, may be sent to the mobile devices 

2088 and 2090. A data store (not shown) on each mobile device 2088, 2090 may thereby be 

synchronized with a portion, such as a mailbox 2019, of a data store 2017 on a corporate 

LAN 2009. Changes to a mobile device data store may suxdlarly be reflected in the data 

stores 2082 and 2017. 
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1. A method of reducing the size of an encrypted message at a host system before the 
message is transmitted to a wireless mobile communication device, the method comprising 
the stq)s of: 

(a) receiving at the host system an encrypted message from a message sender 
addressed to first and second message receivers, the encrypted message including an 
encrypted message body and an encrypted session key for each of the message receivers; 

(b) generating at the host system a first reducbd size encrypted message that contains 
the encrypted message body and the encrypted session key for the fiurst message receiver, the 
first reduced size encrypted message not including flie encrypted session key for the second 
message receiver; and 

(c) transmitting the first reduced size encrypted message to a wireless mobile 
communication device that corresponds to the first message receiver. 

2. The method of claim 1, wherein the step of generating a first reduced size encrypted 
message comprises the step of removing an encrypted session key other than the encrypted 
session key for the first message receiver in order to form the first reduced sized encrypted 
message. 

3. The method of claim 1, wherein the step of generating a first reduced size encrypted 
message comprises the step of removing all encrypted session keys other flian the encrypted 
session key for the first message receiver in order to fonn the first reduced size encrypted 
message. 
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4. The method of claim 3, wherein the step of generating a first reduced size encrypted 
message comprises the step of removing a message receiver information field of the message 
which maps each encrypted session key to a message recipient 

5. The method of claim 1 wherein: 

the receiving step (a) comprises the step of receiving at the host system an encrypted 
message from a message sender addressed to a ptoality of message receivers, the encrypted 
message including an encrypted message body and an encrypted session key for each 
message receiver, . 

the method further comprises the step of determining whether any of the message 
receivers has a corresponding wireless mobile conmmnication device; 

the generating step (b) comprises the step of, for each message receiver that has a 
corresponding wkeless mobile communication device» generating a reduced size encrypted 
message containing the encrypted message body and the encrypted session key only for the 
message receiver, and 

the transmitting step (c) comprises the step of transmitting the reduced size encrypted 
message to the wireless mobile communication device. 

6. The method of claim 5, wherein a single address is shared by a message receiver and 
a corresponding wireless mobile communication device. 

7. The method of claim 5, wherein each encrypted session key is encrypted using a 
public key of a message receiver, and a message receiver and a corresponding wireless 
mobile communication device share the public key and an associated private key. 
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8. The method of claim 1, wherein the encrypted message is a message that has been 
signed and then encrypted, and furth^ includes an encrypted digital signature; and 

the step of generating a first reduced size encrypted message comprises the step of 
generating a reduced size encrypted message containing the encrypted message body, the 
encrypted digital signature and the encrypted session key for the first message receiver. 

9. The method of claun 8, wherein: 

the encrypted message furdier comprises encrypted signature-related mformadon; and 
the step of generating a first reduced size encrypted message comprises the step of 
generating a reduced size encrypted message containing the encrypted message body» the 
encrypted digital signature, the encrypted signature-related information and the encrypted 
session key for the first message receiver. 

10. The method of claim 1, wherein the encrypted message is a Secme Multipurpose 
Litemet MaU Esctensions (SMME) e-mail message. 

11. The method of claim 1, wherein the encrypted message is encrypted accordmg to 
Pretty Good Privacy (PGP). 

12. A first reduced size encrypted message generated in accordance with the method of 
claim 1. 

13. A system for reducing the size of an encrypted message for transmission to a wireless 
mobile communication device, the system comprising: 
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a host system configured to receive an encrypted message from a message sender and 
addressed to message receivers, the encrypted message including an encrypted message body 
and an encrypted session key for each message receiver; and 

.a wireless connector system associated with the host system and configured to 
determine whether any of the message receivers has a cotresponding wireless mobile 
communication device and if so, for each message receiver that has a corresponding wireless 
mobile conmiunication device, to generate a reduced size encrypted message containing the 
message body and the encrypted session key only for the message receiver and to transmit the 
reduced size encrypted message to the wireless mobile communication device. 

14. The system of claim 13, wherein the host system comprises a message server system. 

15. The system of claim 14, wherein the message server system is implemented in a 
secure network behind a network security firewall 

16> The system of claim 13, wherein the host system comprises a desktop computer 
system or a laptop computer system. 

17. The system of claim 13, wherein a iietwork operator infrastructure enables wireless 
information exchange between the host system and wireless mobile communication devices. 

18. A system for reducing the size of an encrypted message at a host system before the 
message is transmitted to a wireless mobile conmiunication device, said system comprising: 
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means for receiving at the host system an encrypted message from a message sender 
addressed to first and second message receivers, the encrypted message including an 
encrypted message body and an encrypted session key for each of the message receivers; 

means for generating at the host system a first reduced size encrypted message that 
contains the encrypted message body and the emcrypted session key for the first message 
receiver, the first reduced size encrypted message not including the encrypted session key for 
the second message receiver, and 

taam for transmitting die first reduced size encrypted message to a wireless mobile 
communication device that corresponds to the first message receiver. 

19. A wireless device comprising memory for storing a first reduced size encrypted 
message, wherein flie first reduced size encrypted message was generated by a remote system 
based ujton an encrypted message provided to the remote system fi^om a message sender, said 
encrypted message fi»m the message sender having contaiped addresses to first and second 
message receivers, the seder's encrypted message including an encrypted message bo^ and 
an encrypted session key for each of the message receives, 

wherein the. first reduced size encrypted message contains the encrypted message 
body and the encrypted session key for the first message receiver, die first reduced dze 
encrypted message sent by the remote system to the wireless device not including the 
encrypted session key for the second message receiver. 

20. The wireless device of claim 19 wherein the wireless device has an association with 
the first message receiver, said association indicating that the wireless device is to receive 
messages sent to the first message receiver. 
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21. The wireless device of claim 19 wherein the remote system comprises host system 
means. 

22. Hie wireless device of claim 19 wherein the host system means comprises wireless 
connection system means. 

23. A computer data signal embodied in a carrier wave conqaistag a first reduced size 
encrypted message, wherein the first reduced size encrypted message was generated by a 
remote system based upon an enciypted message provided to the remote system from a 
message sender, said encrypted message from the message sender having contjuned addresses 
to first and second message receivers, the sender's enciypted message including an encrypted 
message body and an encrypted session key for each of the message receivers, 

wherein the first reduced size encrypted message contains the enaypted message 
body and the enciypted session key for the first message receiver, the first reduced size 
encrypted message sent by the remote system to the wireless device not including the 
encrypted session key for the second message receiver. 

24. A method for rearranging a signed message at a host system before the message is 
transmitted to a wireless mobUe communication device, the mediod comprising the steps of: 

receiving at the host system a signed message from a message sender addressed to 
message receivers, the signed message having a digital signature and a signed message body, 

determining whether any of the message receivers has a corresponding wireless 
mobile communication device; 

if any of the message receivers has a corresponding wireless mobile communication 
device, then: 
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rearranging the received signed message to generate a rearranged message 
including the signed message body followed by the digital signature; and 

transmitting the rearranged message to each corresponding wireless mobile 
communication device. 

25. The method of claim 24, wherein the received signed message further comprises 
signature-related information, the method further comprises the steps of: 

if one or more of the message receivers has a corresponding wireless mobile 
communication device, then performing steps comprising: 

storing the signature-related information at the host system; and 

transxnittmg the signature-related information to any one of the wireless 

mobile communication devices only in response to a request from the wireless mobile 

communication device. 

26. The method of claim 24, wherein the received signed message further includes 
signature-related information; and 

the step of rearranging the received signed message comprises rearranging the 
received signed message to generate a rearranged message including the signed message 
body followed by die digital signature and the signature-related information. 

27. TTie method of claim 24, wherein die received signed message further includes 
signature-related information, 

the method further comprising the step of: if one or more of the message receivers has 
a corresponding wireless mobile communication device, determining whether the signature- 
related infonnation is stored on each corresponding wireless mobile conamunication device; 
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the step of rearranging the received signed message comprises the steps of: 

for each wireless mobile communication device on which the signature-related 
information is stored, rearranging the received signed message to generate a first 
rearranged message including the signed message body followed by the digital 
signature; and 

for each wireless mobile communication device on which the signature-related 
information is not stored, rearranging the received signed message to generate a 
second rearranged message including the signed message body followed by the digital 
signature and the signature-related information; and 

the step of transmitting the rearranged message to each corresponding wireless mobile 
communication device comprises the steps of: 

transmitting the first rearranged message to each corresponding wireless 
mobile communication device on which the signature-related informadon is stored; 
and 

transmitting the second rearranged message to each corresponding wireless - 
mobile communication device on which the signature-related information is not 
stored. 

28. The method of claim 27, wherein the step of transmitting the second rearranged 
message comprises the steps of: 

transmitting the signed message body and the digital signature of the second 
rearranged message to each corresponding wireless mobile communication device on which 
the signature-related information is not stored; 

storing the signature-related information at the host system; and 
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transmitting the signature-related information to any one of the wireless mobile 
conammiication devices on which the signature-related information is not stored only in 
response to a request from the wireless mobile commimication device. 



29. The method of claim 25, wherem the signature-related information includes one or 
more of a Certificate of the message sender, a Certificate cham mcluding one or more 
chained Certificates, and a Certificate Revocation list for the Certificate and any of the 
chained Certificates. 

30. The method of claim 27, wherein the signature-related information includes one or 
more of a Certificate of the message sender, a Certificate chain including one or more 
chained Certificates, and a Certificate Revocation list for the Certificate and any of the 
chained Certificates. 

31. The method of claim 27, wherein the step of detennming whetiier the signature- 
related information is stored on each corresponding wireless mobile communication device 
comprises the step of accessing a user profile stored at the host system for a user of each 
corresponding wireless mobile communication device. 

32. The method of claim 24, wherein the signed message is a message that has been 
encrypted and then signed, and farther includes an encrypted session key for each message 
receiver, such that the message body is encrypted and botii the encrypted message body and 
the encrypted session keys are signed; and 

the rearranged message includes the encrypted message body and the encrypted 
session keys followed by the digital signature. 

81 



wo 02/101605 



PCT/CA02/00889 



33. The method of claim 25, wherein the signed message is a message that has been 
encrypted and then signed, and further includes an encrypted session key for each message 
receiver, such that the message body is encrypted and both the encrypted message body and 
the encrypted session keys are signed; and 

die rearranged message includes the encrypted message body and the encrypted 
session keys followed by the digital signature. 

34. The method of claim 27, wherein the signed message is a message that has been 
encrypted and then signed, and further includes an encrypted session key for each message 
receiver, such that the message body is encrypted and both the encrypted message body and 
the encrypted session keys are signed, 

wherein the first rearranged message includes the encrypted message body and the 
encrypted session keys followed by the digital signature; and 

wherein the second rearranged message includes the'encrypted message body and the 
encrypted session keys followed by the digital signature and the signature-related 
information. 

35. Hie method of claim 24, wherein: 

the encrypted message is a message that has been signed and then encrypted, and 
further includes an encrypted digital signature; and 

the step of rearranging the received signed message comprises the step of generating a 

reduced size encrypted message for each message receiver that has a corresponding wkeless 

mobile conununication device, contaming the encrypted message body, the encrypted digital 

signature and the encrypted session key for the message receiver. 
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36. A method for pre-processing an encrypted message at a host system before the 
message is transmitted to a wireless mobile communication device, the method comprising 
the steps of: 

receiving at the host system an encrypted message from a message sender addressed 
to message receivers, the encrypted message including an encrypted message body and an 
encrypted session key for each message receiver; 

determining whether any of the message receivers has a corresponding wireless 
mobile conmimiication device; and 

for each message receiver that has a corresponding wireless mobile communication 

device, 

decrypting the encrypted message body to recover an original message; and 
transmitting the original message to the corresponding wireless mobile 
communication device. 

• 37. The method of claim 36, wherein the step of decrypting die encrypted message body 
comprises the steps of: 

for each message receiver that has a corresponding wireless mobile communication 
device, performing steps comprising: 

generating a second message including the encrypted session key for the 
message receiver, 

transmitting the second message to die wireless mobile communication 

device; 
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receiving a decrypted session key from the wireless mobile communication 
device, the encrypted session key being dectypted using a private key on the wireless mobile 
communication device; and 

decrypting the encrypted message body using the decrypted session key. 

38. The method of claim 36, wherein the step of decrypting the enaypted message body 
comprises the steps of: 

for each message receiver that has a corresponding wireless mobile communication 
device, performing steps comprising: 

retrieving a private key that is associated with the corresponding wireless 
mobile conununication device and stored at the host system; 

decrypting the encrypted session key for the message receiver using the 
private key; and 

decrypdng the encrypted message body using the decrypted session key. 

39. The method of claim 36, wherein the step of transmitting comprises re-encrypting the 
original message according to a security scheme inq)lemented between the host system and- 
the wireless mobile communication device. 

40. The method of claim 39, wherein the security mechanism is Triple Data Encryption 
Standard. 

41. The method of claim 39, wherein the step of transmitting further comprises 
compressing the original message. 
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42. Hie method of claim 37, further comprising the steps of: 

at a wireless mobile communication device, performing steps comprising: 
receiving the second message from the host system; 

decrypting the encrypted session key using the private key on the wireless 

mobile communication device; 

» 

re-encrypting the decrypted session key according to a security scheme 
implemented between the host system and the wireless mobile communication device; 
and 

transmitting the re-encrypted session key to.the host system, and 
at the host system: 

decrypting the re-encrypted session key, 

43. The method of claim 36, wherein the step of decrypting the encrypted message body 
is performed only once ta recover the original message. 

44. The method of claun 37, wherein the steps of generating a second message and 
transmittmg the second message are repeated for each corresponding wireless mobile 
communication device, and the step of decrypting the encrypted message body is performed 
only once when a decrypted session key is received from any one of the corresponding 
wireless mobile conamunication devices, 

45. The mefliod of claim 36, wherein: 

the encrypted message is a message that has been signed and tiien encrypted, and 
further includes an encrypted digital signature; 
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the method farther comprises, after the step of decryptiag, the step of performing 
verification operations to check the digital signature; and 

the step of transmitting comprises transmitting the original message and an indication 
of the result of the verification operations to each coiresponding wireless mobile 
communication device. 

46. The method of claim 45, wherein: 

the step of transmitting comprises transmitting the original message, the mdication of 
the result of the verification operations and an indication that the original message was 
encrypted to each corresponding wireless mobile communication device; and 

the niethod further comprises the step, before the step of transmitting, of encrypting 
the original message, the indication of the result of the verification operations and flie 
indication that the original message was encrypted, according to a security scheme 
implemented between the host system and each wireless mobile conununication device. 

47. A method for pre-processing a signed message at a host system before transmitting 
the message to a wireless mobile communication device, the method comprising the steps of: 

receiving a signed message at the host system from a message sender, the signed 
message being addressed to one or more message receivers and having a digital signature and 
a signed message body; 

deteraaining whether or not any of the message receivers has a corresponding wireless 
mobile communication device; and 

if one or more of the message receivers has a corresponding wireless mobile 

conmiunication device, then 

performing verification operations to check the digital signature; and 
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transmitting the message body and an indication of a result of the verification 
operations to each conesponding wireless mobile communication device. 

48. The method of claim 47, wherein the digital signature includes a digest of the 
message body and a signature of the digest, 

wherein the verification operations comprise the steps of: 

generating a digest of the me,ssage body; 

extracting the digest from the digital signature; 

checking the signature of the digest using a public key of the message sender; 

and 

comparing the generated digest and the extracted digest, 
whereby the digital signature is verified when the signature of the digest is verified 
and the generated digest and the extracted digest match. 

49- The method of claim 47, wherein the message body and indication are encrypted 
according to a security scheme ttiat is implemented between the host system and die wkeless 
mobile communication device. 

50. The method of claim 48, wherein: 

the signed message further includes signature-related information; 
the verification operations comprise flie step of checking die signature-related 
uaformation to determine if the digital signature is trusted; and 

the digital signature is verified only if the signature is trusted, 

5 1 . Tlie method of claim 47, wherein: 
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the signed message is a message that has been encrypted and then signed, and further 
includes an encrypted session key for each message receiver, such that the message body is 
encrypted and both the encrypted message body and the encrypted session keys are signed; 

the method further comprises, after the step of performing verification operations, the 
step of decrypting the encrypted message body to recover an origmal message; and 

the step of transmitting comprises transmittmg the original message and the indication 
of the result of the verification operations to each corresponding wireless mobile 
communication device. 

52. The method of claim 51, wherein the step of transmitting comprises transmitting the 
original message, the indication of the result of the verification operations and an indication 
that the original message was encrypted to each corresponding whreless mobile 
communication device. 

53. The method of claim 52, further comprising the step, before the step of transmitting, 
of encrypting the original message, the indication of the result of the verification operations 
and the indication that the original message was encrypted, according to a security scheme 
implemented between the host system and each wireless mobile communication device. 

54. A method for post-processing a signed message at a host system before the message is 
forwarded to message receivers, the method comprising the steps of: 

receiving a signed message addressed to one or more message receivers from a 

wireless mobile communication device, the signed message including a message body, a 

digital signature and a signature-related information indication; 

removing the signature-related information indication fiiom the signed message; 
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attaching signature-related information identified in the signature-related infonnation 
indication to the signed message; and 

forwarding the signed message with the attached signature-related infonnation to the 
message receivers. 

55. The method of claim 54, wherein the sigiature information includes one or more of a 
Certificate of the wireless mobile communication device, a Certificate chain includmg one or 
more chained Certificates, and a Certificate Revocation list for the Certificate and any of the 
chained Certificates* 

56. The me&od of claim 54, wherein the signed message is a message that has been 
encrypted and then signed, such that the signed message body is encrypted, and the signed 
message further includes an encrypted session key for each message receiver. 

57. A method for post-processing an encrypted message at a host system before the 
message is forwarded to message receivers, the method comprising the steps of: 

receiving an encrypted message addressed to one or more message receivers fixjm a 
Wireless mobile communication device, the encrypted message including an encrypted 
message body and a session key; 

removmg the session key from the encrypted message; 

retrieving a public encryption key of each message receiver, 

encrypting the session key using the public key of each message receiver to generate a 
plurality of session keys, includiiig one session key for each message receiver; 

. attaching the plurality of encrypted session keys to the encrypted message body; and 
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forwarding the encrypted message body and attached encrypted session keys to each 
message receiver. 



58. The method of claim 57, wherein: 

the encrypted message is encrypted by the wireless mobOe communication device 
according to a security scheme implemented between the wireless mobile conununication 
device and the host system before being sent to the host system; and 

the method further comprises the step of decrypting the message at the host system to 
recover the encrypted message body and the session key. 

59. The method of claim 57, wherein the encrypted message is a message that has been 
signed and then encrypted and fiirdier includes an encrypted digital signature. 

60. A method of post-processing a message at a host system before the message is 
forwarded to message receivers, comprising the steps of: 

receiving at a host system a message addressed to one or more message receivers 
from a wireless mobile communication device, the message being encrypted according to a 
security scheme iinplemented between the host system and the wireless mobile 
communication device and including a message body and at least one of a signature 
indication, a signature-related information indication, an encryption indication and a session 
key; 

decrypting the received message at &e host system; 

determining, based on the signature indication, if the message is to be signed, and if 
so, then 
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generating a digital signature of the message body on behalf of the wireless 
mobile commmiication device and attaching the digital signature to the message body; 
and 

determining, based on the signature-related information indication, if 
signature-related information is to be attached to the message, and if so, then 
attaching the signature-related information to tfie message body; 
determining, based on the encryption indication, if the message is to be encrypted, and 
if so, then 

determining if the received message includes a session key; 
if the received message includes a session key, then using the session key to 
encrypt the message body; 

if the received message does not include a session key, then generatmg a 
session key and using the generated session key to encrypt the message body; 

encrypting the session key used to encrypt the received message using a public 
key of each message receiver, and 

attaching each encrypted session key to the encrypted message body; and 
forwarding the message body and any attached information to each message receiver. 

61. The method of claim 60 wherein the host system may be either signing the message, 
encrypting the message, signing first and then encrypting the message by encrypting tiie 
message body, the digital signature and any attached signature-related information, or 
encrypting first and then signing the message by generating a digital signature based on the 
encrypted message body and encrypted session keys and attaching any signature-related 
information identified in the signaturp-related information indication if mcluded in the 
received message, before the message is forwarded to tiie message receivers, 
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62. A method of processing an encoded message at a host system before the message is 
transmitted to a wireless mobile corbmmiication device, the method comprising the steps of: 

receiving at the host system the encoded message from a message sender addressed to 
a plurality of message receives; 

determining whether any of the message receivers has a corresponding wireless 
mobile communication device; and 

for each message receiver that has a corresponding wireless mobile communication 

device: 

processing , the message so as to modify the message with respect to an 
encoding aspect, said encoding aspect being selected from the group consisting of an 
encryption aspect, an authentication aspect, and combinations thereof ; and 

transmitting the processed message to the corresponding wkeless mobile 
conmmnication device. 



92 



wo 02/101605 



PCT/CA02/00889 



1/22 




wo 02/101605 



2/22 



PCT/CA02/00889 



Sender 

1. Normal E-Mail Exchange 



E-Mail Composed and Sent 
Using Standard SMTP/MIME 
Protocols 



120 



125 



Receiver 



Received and given to addressed 
user(s) - Not secure between 
. confipanies 



2, Inter-Offlce Exchange 



VPN system may employ 
IPSec to transmit Information 



130 



135 



Corresponding VPN system 
decrypts mail and fonvards mall to 
addressed user(s) 



3. Private Security Method 



Mall Agent, like PGP, used to 
encrypt e-mail before being 
sent. 



4. S/MIME Signing 



A Digest of the Mail Is signed 
with sender's Private Key 
before being sent 



5. S/MIME Encrypted 



Mail is encrypted using a 
session key and the session 
key is encrypted using each 
receiver's public key 



140 



150 



160 



6. S/MIME Encrypted then Signed 



Mail Is encrypted using session 
key, session key is encrypted 
using each receiver's public 
key, then the mail is signed 
using the sender's private key 



170 



145 



Con-esponding Agent, like PGP 
Pj decoder, needed to decrypt mail 
before being given to user(s) 



155"> 



Message can be read without 
signature verification, but receiver 
requires sender's public key to 
verify signature and confirm 
authentication of sender 



165 



Receiver must decrypt session key 
with private key and then decrypt 
message with session key 



175 



Each receiver first verifies 
signature using sender's public key, 
then decrypts session key using 
receiver's private key and decrypts 
message with session key 



7. S/MIME Signed then Encrypted 185 



The mail is signed using the . 
sender's private key. then mail Is 
encrypted using session key and 
session key is encrypted using 
each receiver's public key 



180 



^ Each receiver decrypts session key 
with receiver's private key and then 
^ decrypts message with session key 
and verifies the digital signature 
using sender's public key 



FIG. 2 



wo 02/101605 



PCT/CA02/00889 



3/22 




FIG. 3 



wo 02/101605 



PCT/CA02/00889 



4/22 



416 




Message Body 
(Encrypted) 



418 



Encrypted Session 
Key (User A) 



Encrypted Session 
Key (User B) 



420 
422 



Wireless 
Gateway 



IVIoblle Device 
(User A) 

412-^ 



403 




406 



l\/Iessage 
Server 



Wireless 
Connector 
System 





Desktop 




Computer 




System 





Message Body 
(Encrypted) 



418 



Encrypted Session 
Key (User B) 



422 



Mobile Device 
(User B) 

^414 



Message Body 
(Encrypted) 



418 



Encrypted Session 
Key (User A) 



420 



FIG. 4 



wo 02/101605 



PCT/CA02/00889 



5/22 



Cert, Chain, CRLs, 
Digital Signature 



618 




Mobile Device 
(UserB) 



Mobile Device 
(User A) 



Message Body 
(Signed) 



Digital Signature 



520 



524 



FIG. 5 



wo 02/101605 



PCT/CA02/00889 




wo 02/101605 



PCT/CA02/00889 



7/22 




^ 0) 

< £ 
^ o 



d 



wo 02/101605 



PCT/CA02/00889 



8/22 




00 



wo 02/101605 



PCT/CA02/00889 



9/22 




Mobile Device 
(User B) 



Mobile Device 
(User A) 

912->' 



Message Body 
(Wireless-Friendly 
Encrypted - User A) 



924 



FIG. 9 



wo 02/101605 



PCT/CA02/00889 



10/22 



Cert, Chain, CRLs, 
Digital Signature 



l\/lessage Body 
(Signed) 




1018 



1020 



1006 



Corporate LAN 



r 10 05 



Message 
Server 



Wireless 
Connector 
System 



1007 





Desl^op 




Computer 




System 




1028 



Wireless 
Gateway 



1010 




iVIessage Body 
(Wireless-Friendly 
Encrypted - User B) 



Signature Indication, 
(Wireless-Friendly 
Encrypted - User B) 



1026 



1027 



l< — 


— — ► 




Mobile Device 






► 


(User B) 



^1014 



Mobile Device 
(User A) 

1012-^ 



Message Body 
(Wireless- Friendly 
Encrypted - User A) 



Signature Indication, 
(Wireless-Friendly 
Encrypted - User A) 



1024 



1025 



FIG. 10 



wo 02/101605 



PCT/CA02/00889 



11/22 



CM 



\>»CQ 
O CD CO 

m :c: D 

o \ 

^ en 5 

CD 4=^ 



CO 



CO c 0) 

0 0 C/J 

5 -i S. 

1 £ & 

CO ^UJ 




(5 



^ o 



wo 02/101605 



PCT/CA02/00889 



12/22 



00 

o 

CM 



i3 £ 

DC 3 ^ 

C D) Q. 

tf 5? — 

O 



CM 



0) C 
0)LU 
(0 « 
M "D 

® C 
2 TO 
CO 



c 
o 
'55 

CO 
CD 
CO 

T3 
CD 



CD 
CO 

3 



c 
LU 



c: 
o 

CO UJ 




CD 
CO 

3 



0) 
O) 

"D 

CD 

c 
LU 



CO 

o 

04 




O 

CM 




wo 02/101605 



PCT/CA02/00889 



13/22 




Process 
Signed 
.Data. 



"^1450 



1310 



Route message 
to recipients as 
needed 



Generate 
digest A on 
message 

\1340 





1345 




/ 1350 




Detect 




Retrieve 


— ► 


digital 


— ► 


sender's 




signature 




public Icey 



Extract digest B from 
ditigai signature and verify 
signature on digest B 




Send signature 
indication and 
message body to 
mobile device 



T 

Lf 



Add "Failed" 
signature 
ind ication 

— czz 



1370 



Add 
"Verified" 
signature 
indication 

nn — 



1395 



Send signature 
Indication, encryption 
indication and 
message body to 
mobile device 




1380 



FIG. 13 



wo 02/101605 



PCT/CA02/00889 



14/22 



1330 



Process 
Encrypted 
Data 
.First, 




Process 
Encrypted 
Data 



— 1380 




1410 



Extract session key 
for mobile device user 



1415 



\ 



Generate message with 
encrypted session l<ey and 
send to mobile device 



1430 



User unable to 
decrypt session 
key and cannot 
view message on 
mobile device 



Send signature 
indication, encryption 
indication and 
message body tb 
mobile device 



1465 



Send encryption 
indication and 

message body to 
mobile device 




1435 



User opens 
message and 
issues command 
to decrypt 
session key 



Decrypted session key 
returned to redirection 
system and used to 
decrypt message 



Process 
Signed 
Data> 



FIG. 14 




wo 02/101605 



PCT/CA02/00889 



15/22 



User composes 
message on 
mobile device 



1500 



User selects 'signed 
last' or 'signed only* 
message security 



1505 



1530 




Generate 
session key 



Generate digest 
and digital 
signature 



1515 



Encrypt message 
using session key 



1520 



Encrypt session key 

using each 
receiver's public key 



1525 



Send message and possibly 
encrypted session keys with digital 

signature and signature-related 
Information indication to host system 



/ 



1535 



1 



1540 



Extract signature-related 
information indication 
from message 



i 



1545 



Attach appropriate 
signature-related 
information to message 



1550 



Send message and digital 
signature with attached 

signature-related 
information to receivers 



FIG. 15 



wo 02/101605 



PCT/CA02/00889 



16/22 



User composes 
message on 
mobile device 



1600 



User selects 'encrypted 
last' or 'encrypted only' 
message security 




1605 



1625 




Generate 
digest and 
digital signature 



Generate 
session key 



1615 



Attach digital 
signature, Cert, 
chain, CRLs to 
message 



1620 



Encrypt message, with digital 
signature, Cert, chain and CRLs 
if signed, using session key 



1630 



Encrypt session key using host system / 1635 
public key or wireless-friendly security 

scheme and send message and 
enc rypte d session key to host system 

I 



1640 



\ 



Decrypt 
session key 



Re-encrypt session key . 
using public key of each 
addressed receiver 




Send encrypted message 
with attached encrypted 
session keys to receivers 


► 



FIG. 16 



wo 02/101605 



PCT/CA02/00889 



17/22 




d 



wo 02/101605 



PCT/CA02/00889 



18/22 



E-mail Sender 



1802 



FIG. 18 




1804 



1806 



Host System 



Wireless Connector 
System 



1810- 



1808 



Authentication And/Or 
Encryption Message 
Processing 




1 I 

I I 

» • 

( ' Second Processed 
V Message / 



1816 
1818 



First 
Mobile Device 



Second Mobile 
Device 



wo 02/101605 



PCT/CA02/00889 



19/22 




1902 



FIG. 19 



1904 



1906 



Wireless Connector 
System 



1908 



Authentication/ 
Encryption Message 
Processing 



Host System 




1910 



Processed Message 




1912 



Receiver 



1914 




1918 



Other Receivers i 



I 



wo 02/101605 



PCT/CA02/00889 



20/22 




wo 02/101605 



PCT/CA02/00889 



21/22 




wo 02/101605 



PCT/CA02/00889 



22/22 




(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

Internationa] Bureau 

(43) International Publication Date 
19 December 2002 (19.12.2002) 




PCT 



(10) International Publication Number 

wo 02/101605 A3 



(51) International Patent Classification^: G06F 17/60, 
H04L 29/06, 9/32, 12/58 

(21) International Application Number: PCT/CAO2/O0889 

(22) International Filing Date: 12 June 2002 (12.06.2002) 
(25) Filing Language: English 
(2(>) Publication Language: English 



(30) Priority Data: 

60/297,681 
60/365,535 



12 June 2001 (12.06.2001) US 
20 March 2002 (20.03.2002) US 



(71) Applicant (for all designated States except US)t RE- 
SEARCH IN MOTION LIMITED [CA/CA]; 295 Phillip 
Street, Waterloo, Ontario N2L 3W8 (CA). 



(72) Inventors; and 

(75) Inv€ntors/AppUcants(/br WSo/i/y;: GODFREY, James, 
A. [CA/CA]; 300 Regina Street N., #1506A, Waterloo, 
Ontario N2J 3B8 (CA). LITTLE, Herbert, A. [CA/CA]; 
504 Old Oak Place, Waterloo, Ontario N2T 2V8 (CA). 
BROWN, Michael, K. [CA/CA]; 1938 Mapleridge Drive, 
Peteitoiiough, Ontario K9K 2E4 (CA). ADAMS, Neil, 
P. [CA/CA]; 151 MacGregor Cres. Apt 5, Waterioo, 
Ontario N2J 3X2 (CA). CHERRY, Carl, L. [CA/CA]; 
303 Woodiow PL, Waterioo, Ontario N2T 2V7 (CA). 
TYHURST. Timothy. R [CA/CA]; 736 Avondale Ave., 
Kitchener, Ontario N2M 2W5 (CA). BROWN, Michael, 
S. [CA/CA]; 350 UnWersity Downs Cre.. Waterioo, On- 
tario N2K4B1 (CA). 

(74) Agents: PATHIYAL, Krishna, K. et al.; Research In Mo- 
tion Limited, 295 Phillip Street, Waterioo, Ontario N2L 
3W8 (CA). 



[Continued on next page J 



(54) Title: SYSTEM AND METHOD FOR COMPRESSING SECURE E-MAIL FOR EXCHANGE WITH A MOBILE DATA 
COMMUNICATION DEVICE 



If) 

o 

o 
O 



E-fnaii 
Sender Ki 
(Secure) 
Clo2 



404- 



Message Bocfy 
(Encrypted) 




408^ 



Wireless 
Gateway 




426 




Message Body 
(Encrypted) 



Encrypted Session 
Key (User B) 



418 
422 





Mobile Device 
(User B) 





424 



Message Body 
(Ef^rypted) 



Encrypted Session 
Key (User A) 



418 

[A 
420 



(57) Abstract: A system and method arc provided for pre- 
processing encrypted and/or signed messages at a host sys- 
tem before the message is transmitted to a wueless mobile 
communication device. The message is received at the host 
system from a message sender. There is detennination as to 
whether any of the message receivers has a coiresponding 
wireless mobile communication device. For each message 
receiver that has a coiresponding wireless mobile commu- 
nication device, the message is processed so as to modify 
the message with respect to encryption and/or authentica- 
tion aspect. The processed message is transmitted to a corre- 
sponding wireless mobile communication device. The sys- 
tem and method may include post-processing messages sent 
from a wireless mobile communications device to a remote 
system. Authentication and/or encryption message process- 
ing is peifonned upon the message. The processed message 
may dien be sent through the remote system to one or more 
receivers. 



412- 



wo 02/101605 A3 liiigiliillliiiiliilllillllllliliii 



(81) Designated States (national): AE, AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR. BY, BZ, CA, CH, CN, CO, Cr] CU 
CZ, DE, DK, DM, DZ, EC, EE, ES, FI, GB, GD, GE,' Gu[ 
GM, HR, HU, ID, DL, IN, IS, JP, KE, KG, KP, KR, KZ, LQ 
LK, LR. LS, LT, LU, LV. MA, MD, MG, MK, MN MW 
MX, MZ, NO, NZ, OM. PH, PL, PT, RO, RU, SD. SB, Sg] 
SI. SK, SL, TJ, TM, TN, TR. TT, TZ, UA, UG, US, UZ, 
VN, YU,ZA,ZM,ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM. 'zW)] 
Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM)i 
European patent (AT. BE, CH, CY, DE, DK. ES, H, FR,' 
GB, GR, IE, IT, LU, MC, NL. PT. SE, TR). OAPI patent 
(BF. BJ, CF. CG. a, CM, OA. ON. GQ. GW. ML. MR. 
NE, SN, TD. TO). 



Declarations under Rule 4J7: 

as to c^plicant's entitlement to apply for and be granted 
a patent (Rule 4.17(0)) for the following designations AE, 
AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, 
CH, CN, CO, CK CU, CZ, DE, DK, DM, DZ, EC, EE, ES, 
FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, 
KG,KP,KR,KZ, LC, LK LR, LS, LT, LU, LV,MA, MD, MG, 
MK, MN,MW,MX,MZ, NO, NZ, OM, PH, PL, PT, RO, RU, 
SD, SE, SG, SI, SK SL, TJ, TM, TN, TR, TT, TZ UA UG 
UZ, m YU. ZA, ZM, ZW, ARIPO patent (GH, GM, KE, LS, 
MW, MZ, SD, SL, SZ TZ, UG, ZM, ZW), Eurasian patent 
(AM, AZ BY, KG, KZ MD, RU, TJ, TM), European patent 



(AT, BE, CH. CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, 
MC, NL, PT, SE, TR), OAPI patent (BF, BJ, CF, CG, CI, 
CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG) 
— as to the applicant 's entitlement to claim the priority of the 
earlier application (Rule 4. 17(iii))for the following desig- 
nations AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, 
BZ CA, CH, CN, CO, CR, CU, CZ DE, DK, DM, DZ EC, 
EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, 
IS, JP, KE, KG, KP,KR,KZ LC, LK LR, LS, LT, LU, LV, 
MA, MD, MG, MK MN, MW, MX, MZ NO, NZ OM, PH, 
PL, PT, RO, RU, SD, SE, SG, SI, SK SL, TJ, TM, TN, TR, 
TT, TZ, UA, UG, UZ VN, YU, ZA, ZM, ZW, ARIPO patent 
(GH, GM, KE, LS, MW, MZ SD, SL, SZ TZ UG, ZM, ZW), 
Eurasian patent (AM, AZ BY, KG, KZ, MD, RU, TJ, TM), 
Europeanpatent (AT, BE, CH, CY, DE, DK ES, FI, FR, GB, 
GR, IE, IT, LU, MC, NL, PT, SE, TR), OAPI patent (BF, BJ, 
CF, CG, CI, CM, GA, GN, GQ GW, ML, MR, NE, SN, TD, 
TG) 

— of inventorship (Rule 4. 1 7(iv))for US only 
Published: 

— with international search report 

(88) Date of publication of tlie international search report: 

6 March 2003 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette, 



INTERNATIONAL SEARCH REPORT 



Inti^ onal Application No 

PCl/CA 02/00889 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 G06F17/60 H04L29/06 H04L9/32 H04L12/58 




According to International Patent Classification (IPC) or to both national classification and IPC 




B. FIELDS SEARCHED 


Minimum documentation searched (classiiication system tollowed by classification symbols) 

IPC 7 G06F H04L 


Documentation searched other than minimum documentation to the extent that such docunnents are included In the fields searched 


Electronic data base consulted during the International search (name of data b. 

EPO-Internal 


)se and, where practical, search temis used) 


C. DOCUMENTS CONSIDERED TO BE RELEVANT 


Category • 


Citation of document, with Indication, where appropriate, of the relevant passages 


Relevant to claim No. 


X 


LAI M K E ET AL: "A mobile subscriber 
proxy preserving writer-to-reader message 
security" 

MILITARY COMMUNICATIONS CONFERENCE, 1996. 
MILCOM '96, CONFERENCE PROCEEDINGS, IEEE 
MCLEAN, VA, USA 21-24 OCT. 1996, NEW YORK, 
NY, USA, IEEE, US, 

21 October 1996 (1996-10-21), pages 
461-467, XP010203896 

ISBN:* 0-7803-3682-8 
the whole document 


1-23,62 






-/- 




Px] Further documents are listed in the continuation ot box C. 


|X 1 Patent family members are Dated In annex. 


* Special categories of dted documents : 

•A' document defining the general slate of the art which Is not 
considered to be of particular relevance 

■E' eaifier document but pubfished on or after the International 
filing date 

•L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

•C document referring to an oral disclosure, use, exhibition or 
olher means 

"P' document pul>lished prior to the international filing date but 
later lhan the priority date claimed 


T' later document published after the intemationai filing dale 
or priority date and not in conflict with the application but 
cited to understand the principle or theory undertying the 
invention 

*X' document of particular relevance; the claimed Invention 
cannot be considered novel or cannot be considered to 
Involve an Inventive step when the document is taken atone 

'Y' document of particular relevance; the dalmed Invention 
cannot be considered to invoh/e an inventive step when the 
document is combined with one or more olher such docu- 
ments, such combination being ofcn/lous to a person skilled 
in the art. 

document member of the same patent lamSy 


Date oi the actual completion of the Intemationai search 


Date of maHing of the International search report 


2 


December 2002 


f a 12 02 


Name and mailing address of the ISA 

European Patent Office. P.B. 5818 Patentiaan 2 
f^JL-2280HV RilswOk 
TeL (+31-70) 340-2040. Tx. 31 651 epo nl, 
Fax: (+31-70) 340-3016 


Authorized officer 

Sanandres Ledesma, 


J 



Fonn PCMSA/210 (second sheet) (July 1992) 



page 1 of 3 



INTERNATIONAL SEARCH REPORT 



C.(Contlnuatlon) DOCUMENTS CONSIDERED TO BE RELEVANT 



Intt ||Dnal Application No 

PLi/CA 02/00889 



Category 



Cttatton of document, wHIi Indlcalion.where appropriate, of His relevant passages 



RelevanltodalmNo. 



X 
Y 



US 6 084 969 A (BROOK CHRISTOPHER T ET 
AL) 4 July 2000 (2000-07-04) 
column 1, line 1 -column 4, line 5 
column 9, line 35 -column 12, line 59; 
figures 2,5 

column 13, line 42 -column 14, line 67; 
figures 7-10 

US 6 061 448 A (BANDINI JEAN-CHRISTOPHE 
ET AL) 9 May 2000 (2000-05-09) 
column 1, line 1 -column 2, line 62 
column 5, line 53 -column 6, line 2 

MAMBO M ET AL: "PROXY SIGNATURES: 
DELEGATION OF THE POWER TO SIGN MESSAGES" 
lEICE TRANSACTIONS ON FUNDAMENTALS OF 
ELECTRONICS, COMMUNICATIONS AND COMPUTER 
SCIENCES, INSTITUTE OF ELECTRONICS 
INFORMATION AND COMM. ENG. TOKYO, JP, 
vol. E79-A, no. 9, 

1 September 1996 (1996-09-01), pages 
1338-1353, XP000679624 

ISSN: 0916-8508 
the whole document 

WO 01 78491 A (POSTX CORP) 

25 October 2001 (2001-10-25) 

page 11, line 8 -page 12, line 27; figures 

6A,6B 

EP 1 096 727 A (RES IN MOTION LTD) 

2 May 2001 (2001-05-02) 
the whole document 

BROWN M ET AL: "PGP in Constrained 
Wireless Devices" 

PROCEEDINGS OF THE 9TH USENIX SECURITY 
SYMPOSIUM, 

14 - 17 August 2000, XP002210575 
Denver, Colorado, USA 
the whole document 

SYVERSON P:" "Limitations on design 
principles for public key protocols" 
SECURITY AND PRIVACY, 1996. PROCEEDINGS., 
1996 IEEE SYMPOSIUM ON OAKLAND, CA, USA 
6-8 MAY 1996, LOS ALAMITOS, CA, USA, IEEE 
COMPUT. SOC, US, 
6 May 1996 (1996-05-06), pages 62-72, 
XP010164926 
ISBN: 0-8186-7417-2 
the whole document 



-/- 



57-61 



57-59 
60,61 

60,61 



57-59 

1-23,62 
1-23,62 



61 



PClnsMW (conllnuaBan ol iMand (tied) {talf 1992) 



page 2 of 3 



INTERNATIONAL SEARCH REPORT 



C.{ContInuatIon) DOCUMENTS CONSIDERED TO BE RELEVANT 


Inf- ional Application No 

Pui/'CA 02/00889 | 


1 Category 


Citation of document, wHh Indication.where appropriate, of the relevani passages 


1 Relevant to clakn No. 1 


A 


SUBRAMANYAM V ET AL: "Security in mobile 
systems" 

RELIABLE DISTRIBUTED SYSTEMS, 1998 
PROCEEDINGS. SEVENTEENTH IEEE SYMPOSIUM ON 
WEST LAFAYETTE, IN, USA 20-23 OCT. 1998. 
LOS ALAMITOS, CA, USA. IEEE COMPUT. SOC. 
US, ' 

20 October 1998 (1998-10-20). pages 
407-412, XP010319125 
ISBN: 0-8186-9218-9 
the whole document 




honnPC7/iSAClO(conUnuaHcnol second sheel) (July 1992) ~ ' 1 



page 3 of 3 



INTERNATIONAL SEARCH REPORT 



hational application No. 

PCT/CA 02/00889 



Box I Observations where certain claims were found unsearchable (Continuation of Item 1 of first sheet) 



This imernailonal Search Report has not been established in respect of certain claims under Article 17(2)(a) for the following reasons: 
^- d] Claims Nos.: 

because they relate to subject matter not required to be searched by this Authority, namely: 



2. Q Claims Nos.: 



3. Q Claims Nos.: 

because they are dependent claims and are not dmfled in accordance with the second and third sentences of Rule 6.4(a). 



Box II Observations where unity of Invention Is lacking (Continuation of item 2 of first sheet) 



This International Searching Authority found multiple bivenUons In this mtemational application, as follows: 



see additional sheet 



O ^a^'ISte'd^i^*"^' P*"* "'^ *PP'"^*' '"temational 



Search Report covers all 



■ ofVrJaddt^'l^f^e^'™ *^ effort Justifying an additional fee, this Authority did not Invite payment 



1-23,57-62 



I I Iton 



Remark on Protest 



□ 

The additional search fees were accompanied by the applicant's protest. 
fx] No protest accompanied the payment of additional search fees. 



Form PCT/lSA/210 (continuation of first sheet (i)) (July 1998) 



FURTHER INFORMATION CONTINUED FROM PCT/ISA/ £10 



International Application No. PCTyCA 02 ;00889 



I!!ipnJ?inc"?iV°!l-^ Searching Authority found multiple (groups of) 
inventions in this international application, as follows: 

1. Claims: 1-23 and 62(partially) 

Method for reducing at a host system the size of a encrvoted 
message containing several encrypted session keys before the 
message is transmited to a wireless mobile coSiS?Sn 
device, comprising the step of discarding all the encrypted 
session keys but the one corresponding to a destinaEfSf 



2. Claims: 24-35 and 62(partiany) 

Z^tt tZ ""earranging at a host system a signed message 
before the message is transmited to a wireless mobile 

S?;;gl5^:e"sslg:''' ""^^'""^ '''' ^ 

3. Claims: 36-46 and 62(partially) 

for pre-processing at a host system an encrypted 
message before the message is transmited to a wireless 
mobile communication device, comprising the step of 
decrypting the encrypted message body. 

4. Claims: 47-53 and 62(partially) 

bifnri tZ P^^-P'"o««]"9 at a host system a signed message 
J™/^*-"'"^^^? transmited to a wireless mobile 
communication device, comprising the step of performing 
verification operations to check the digital Signature 

5. Claims: 54-56 and 60,61 (partially) 

rtlt^^tl^'l post-processing at a host system a signed message 
received from a wireless mobile communication device, 
comprising the step of attaching signature-related 
information to the signed message. 



6. Claims: 57-59 and 60,61 (partially) 

m!^™'^"^ post-processing at a host system an encrypted 
message received from a wireless mobile corarauni cation 
tr^l'^k ^°"'P!:!si"9 the step of encrypting the session key 
with the public key of each message receiver 



IIM I tKNA I lONAL SEARCH REPORT 

iformation on patent family members 



In"- nat Applfcatlon No 

Fu,/CA 02/00889 



Patent document 
cited In search report 



Publication 
date 



Patent family 
member(s) 



US 6084969 



04-07-2000 



AU 
WO 



1946699 A 
9934553 Al 



02-05-2001 



Publication 
date 



19-07-1999 
08-07-1999 



us 6061448 


A 


09-05-2000 


EP 


0869652 A2 


07-10-1998 








OP 


11031127 A 


02-02-1999 








TW 


396308 B 


01-07-2000 


WO 0178491 


A 


25-10-2001 


AU 


5536601 A 


30-10-2001 








WO • 


0178491 A2 


25-10-2001 



US 6219694 61 17-04 

EP 1096725 A2 02-05 

EP 1096726 A2 02-05 

EP 1096727 A2 02-05 

EP 1098481 A2 09-05 

EP 1124352 A2 16-08 

EP 1126662 A2 22-08 

EP 1206073 A2 15-05 

AU 3924499 A 20-12- 

CA 2333881 Al 09-12- 

WO 9963709 A2 09-12- 

CN 1304608 T 18-07- 

EP 1082839 A2 14-03- 

JP 2002517947 T 18-06- 

NO 20005917 A 26-01- 

US 6463464 Bl 08-10- 

US 6463463 Bl 08-10- 

US 2001009015 Al 19-07- 

US 2001013071 Al 09-08- 

US 2001005860 Al 28-06- 

US 2001004744 Al 21-06- 

US 2001005861 Al 28-06- 

US 2001005857 Al 28-06- 

US 2002120696 Al 29-08- 

US 2001054115 Al 20-12- 

US 2002029258 Al 07-03- 

US 2002049818 Al 25-04 



•2001 
■2001 
2001 
-2001 
-2001 
-2001 
-2001 
-2002 
-1999 
-1999 
-1999 
-2001 
-2001 
-2002 
-2001 
-2002 
-2002 
-2001 
-2001 
-2001 
-2001 
-2001 
■2001 
■2002 
2001 
2002 
2002 



